program:
r0 = syz_clone(0x1000000, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0)
migrate_pages(r0, 0x7, 0x0, &(0x7f0000000240)=0x8000000000000001) (async)
migrate_pages(r0, 0x7, 0x0, &(0x7f0000000240)=0x8000000000000001)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x230, 0x1d, 0x4, 0x70bd28, 0x25dfdbfd, {0x19}, [@generic="7b9fe4dea873c98a6e50ea01650a2621a154957ca43364b19685b813ba1a65d5d37fbbcc08f66c3cde6cf18c130803d8fc6f4becdc704985bae571c2330923a58d8d0996a46e6a2301e253c56bf23cb61e3555cea8c168dcc7951977e4471b8dc7a232cc3a1aaa377b6251c24084aee0f01673e04fc67473294b26d29c5b5ba80e5c6491fc91de7bcc91ee2d6b4fa73180a8567c4a6a6076561a5733ef43d593552b8427d3c1fae5", @nested={0x80, 0x13b, 0x0, 0x1, [@typed={0x8, 0x64, 0x0, 0x0, @ipv4=@broadcast}, @generic="f6c18d5426f9ab4baf4187708ccbf181701e71681863f0da31ac99f541be943d6a1bd47ba2ca5595bfeeee0b5cc0591cf2ff09721186e0af0302893e993cd88acb350e08f66f8ce121ad8b56d3d64d5449195435a690032580f36680cdc1bed6d35ae44e661a7d8aec3245e2", @typed={0x8, 0x53, 0x0, 0x0, @pid=r0}]}, @generic="2e3d9ba77007e26d0832cef1efd16d893de47baaba7c56c88d0a3660e7cc257a4fc65ba1a5cc23be4de082aa838af0cec1008a35898079322e5e61cdba4df12dde0203d77d261f5318c5b9266858aeed54b69045f5d1585a0d421a7a4ef7234c0372f1c647ec98aceb82d17b3f268f8df463e3d6c5fda9f47816bc074f4259585d6005d53bfd4bd373cef6013671f1ef8b2d31172367248acbaf859a109918a222430cf7e78f552910d6f3a7b9a637ca91c416a8c1b7076f24599aff44f296e13b574678140f5b397266055845ee03b6d626398d68eb9b347d0cef6f39177f39680765bccec454d256620336e8467f8625837117"]}, 0x230}, 0x1, 0x0, 0x0, 0x8000}, 0x4044041)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000000480)={[{@inodes_32bit}, {@shared_inode_numbers}, {@errors_continue}, {@inline_data}, {@direct_io}, {@nochanges}, {@prjquota}, {@recovery_pass_last={'recovery_pass_last', 0x3d, 'delete_dead_inodes'}}, {@version_upgrade={'version_upgrade', 0x3d, 'incompatible'}}]}, 0x1, 0x5968, &(0x7f000000b5c0)="$eJzs3X+QXFW9IPBzu3synZn8mAR4RJDJEMh7PHiaCT9SKK+eeW/f01fAo2LxykfYKAxkwosmIZUEIQEluOBCARZaWor6B1pILRotqmCVSIn82IRVlGJ1qS2kVnfRrXILWVICWcpyna2ZvqfTc6fv3J7unpDA51Mwt8/p29/zveee7rnndE86AAAA8Law/5btBy864R9+/KnR12/8x+9vvin0lyfqq3GHgXR73ZuVIYdTb2XJxDY7Lv7i+m/+ZujKv/vRA33feGPf+pM3/OLvj7nykY+ev/furzz+2vyH/vRiUdw4nk4/VE5eTkKo/uDAFz697+njx+uSEEI5GdgdwqJk8eOLkkyI4T+EENanhXJl8p0Pvn7WhvHtTbf3TqpfmAlivL+9VdNxtuvgtWeEX/7t2pt/uvQ73+7Z89LuQ7sk1YbxFMKCyxsf35P+Pzctx9G2JD443a4JIfQ1PO7cgrxOaTH/FTnlE9PtnHTbXxAn3r8sUy5l9suWo57Mtq+gvU7l5dHufkXmZcrZF6NO5eUZ6xel2++l29NnGL8c/09CKQmVevqbkkNjJDSctyQkE+eyWi+X6uc2pMefKSeZcilTLvdkjmui3XSglZNkcn3cL1MfX44raf3Jja/VTVycU/+OdFtNn6hvxHLI3qjpn3KjflwTYl4HpsnlcCg1vAY1q6+Ps/Rk9Kd1/cniKY8ZayLet2/tHcvL657YP5CTR/JAksZPJvpopvF3/WTRvI9867Zr8s5tcnkpjV9qK/6vLnjmlUtv+/qXl+TFvyvGL7cV/8xH+16+4MlbluX1Tzyu/lBpK/7Ii0/dufTYK/bk5n9P7P9qW+d39d5neucffPSx3PM7HPtnblv5v3De+399/3MPv5QbP8T4fW3FX7d362d6Bw+elhv/sdg//e2Nn1f3rHp+cPC3Q3nxn43x57cV/77dd7/33oW3n597ftfE/hloK/6Fpz5y87yDD5+U+/y6p1u/OQHeno5Jr7FuTcvTzTN7p5lndqphvvCloUrtunVe+v/8bjaUufgcb2dBN+MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAjhuDP+8wf+54cGXq6k5d70xgul2jbWzwkhmRtC2L5jZNuOjVuuGvro1dds2zKyaWhkx9Dolh3bdg6d/VdD20a3bhrZOX7v8LvOqj1ucUhq2+SkKW33jo2NlQYm18X2/s2pe365/Nz//bsQho/7+WAlN/8Vd2++99gmPzOS1WPv23zNRT8/52vpcQ2keQ00yWtsbGws5OT1fy75472fO/Cb00IY/rPp8nrqhb/54aSEJioOxUmVekMtod6kr2ke9azTfGJ/VTZs3DQ6PH3/jj++nHMc//b6l/6w4brP/rHWv9Xc42ixf+euHttU+uLaC//fF2+oVRTlVT+OTF6zfd6L+jseRcwv9l817e8F6XEtyDmuSk5/3/LTx577wQm3vbY7DFdeXTq17aLj6kkHQE/yjpbajS30JYsm1VfT/eMZj49bsWPz1hXbd+5618bNI1eNXjW65T0rz165avicVeesmDjyFV0+/tj+n7d4/K2Op2y7MxtPCz+++3vxZ2vjqSivov4Yz6u4PxozyuQ1f+Ln3NVjfRd/+vPvufvJi2rVReM87l1/HqbbvvHzvDI0jLepfdXsuIr6IYQw1KwfXnnt/HD8f9t4c9HrUOOZafyZkawee3rZ77927leX/HWt4rC8zjcm1ObrfD3rQ/lM9Fc1PR9jR2j/9oZyelz9TfNa+fSTPXfs/90n6vnNmROuG9mxY9vK2s95aabzkhOb5pWtjce1dOJnOaTdEurDtMl4HdcTavllXz/j7tle7U/v608WNz2urHjfvrV3LC+ve2J/Xk8nD9RanBufuMk7c/bclHlguZ5ws/aP1Odf0fgY/MBXH/rQQ989e8r4OLP2s+i4kpzj+s5z933+G5/999/t3nF94G+eGfj9f//X5bWKo+V1pZ51mk/S+LpyZghFz7+loflx5D7/Ss2Pp+j5l23n0P7N4w1lyv2hXPx8rYYpz9czH+17+YInb1mW+3w90Orz9YZJpXLB8/VIGT/Z51dSmZzH7D2/Jg2UZPXYj249ZvfjN645oVZRNK7rezcb12e1MP/IOa4fXvr84NVD/+6/du9145t/9eBlvxhZ/claRfvnPebSnfNeTfu3mtO/9azjvLOxf9995dWb1tfq3/Tr35om17/ptmD+E19Ktu/c9bGRTZtGt21v7bha/X0a28n2cru/T+Or2+KC4ypNOa7Zu9FKf7X6fIv5r2+7vyY/3/pD0tZ13K6fLJr3kW/dds3AlEelDV1eSuOX2or/qwueeeXS277+5dz4d8X4lbbij7z41J1Lj71iT278e5I0frWt+Kv3PtM7/+Cjj+XGH475z20r/gvnvf/X9z/38Eu58UOM399e/7+6Z9Xzg4O/zY3/bJK2M36NFMKDr5+1oVZOQk/6fIt59EzKK2TLSaZcypTLjeVSba213kA5SSbXx/3S+pMbcmnmX3Lq41VYdUlt+0Ysh+yN6euPNKWG1/5m9UXXqQAAb3Xx/f94DRrf/x9NL5TyVxrgkE7nYUty4sZ52KH1nDmT7l+Sxo+Pj+uAg+8Ow+Pbm4ZqF/ozfR8hPh+y65yxndNOmRxjJuucpXBonbNo/X1Zphzzqq2XVxrmoamp85pKaGH9fWo706+/Zw6/eH186NYpaQ01rFtlz19PumLW7PMOmXwr4xHyxkd2XSx+nmNwQVgz0V6L4yP7OZp4HrKfo4ntnJB54Wz3czSdjo+Y9jTjYyLl4vc3pp6/ME3/Hjp/zaNlz98Mznd1fP/Zfn+2C+uGTV/SDt+6YQvvhzWJ3+r7YfV1ydVT95ku/ttlXfJIXzeM9fE4Ki2uJ34op76V9cTGdbm89cT4chHzOjBNLoeD9UTgrSrO/+PviPH5//gF+P/N7Fd0HZq9aozxcj8nVG6eT9G8Y+rn9Pra+j2+bu/Wz/QOHjwt9zrnsVY/97N1Uqmv4HM/Rf24PFMu7MecBZqi+V62naJ+z34uoz/Mb6vf79t993vvXXj7+bn9vqb2i7S43z8/qTS/oN+PgvlC8/hvtfmCzzFMjt+lzzEUrZ+9afOR9INPszUf+eec+pl+vqFvyo36cU046uYjPYc3LwDg6BHn//X3z9L5//+IO6TXEUXz1tMz5Rgvd96ac32SN2/9p3R7XWb//vQvKmZ63XzhqY/cPO/gwyflzlvuaXUe+h8mlQYK56GdzZtz5xFruvN58dx5RH2e1dk8MTf/+jyxs3l6bvz6PL2zeXRu/9Tn0Z2tA+TGr68DHO3z3IL1ukxjsdjqet1bdh6d/vnsbM2jL86pn+k8un/KjfpxTTCPBgB4c8X5f7yMi/P/JzP7dfo+e+68oEvX7dl/D6Qe/9nDNa+c7XnfbM9bZ3teP9vrEkf7vHi214Vmd53sbT8vTht9+82L5x623AAA6Fyc/8eruPz5f2fzk2bzt55J8xPz86bxzc+PkPn50b7+Zf7vffFi3hcHAHhri/P/+GeP8d//+09pOfvv1pun58Q3TzdPn278vLpn1f0DrczTu7/OFnwO4M1dB2h4i9w6AAAAb4aeiZnS1L+z/3C6zf6dfd7f5V+as3+rKunl8RU7to2OXnbN1vUjO0Yv23L1+tHtl127beOOHaNbavt1Om/Mnbek88aeUEn7o/l+2XnbwvTfQ1iY8+8hZPePYU+cuDH130PINju34N8ROHT+Wss37/yVptm/2fjIO9958f8lZ/+ofv6v/NczL9uw/bKNWzbu2DiyaeOu0cn7jc9a+2bwvZmxW2b0famZH1OUZv79nd3JozQlj560P/K+nz3J5LEozWRR3vcf5OT94//yuY+fOvbH+0MYPq78zo76L1k99h8vGf2nHft/vnU8/7nT5l/fM82r6PtKs/vH46lsunr7jjM2XH3Nluw3SrYnrmeU6uVZWs9In/7lFtcn1uXUz/RzCuUpN45MLa9PAAAwSXz/P17PxvcPP5teQMX61ufpnb1/nDtPH548T8/7q9Ps95IVzdOz+8fjbXWeXu1wnp5tv2ie3mz/ZvP0vHl3Xvx/ztl/plofJ519ziN3nFze2npO9vsMisZJdv+ZjpOkw3GSbb9onDTbv9k4yTvvefE/mLN/ntbHQ2efy8kdD3e1Nh7+MlMuGg/Z/Wc6Hkodjods+0Xjodn+zcZD3vnNi39Rzv6tmjw+xgfGxLgYvezaq7d9rGG/2f7+i87zm93v/2hX6/nP7ue+Zj//2f1c2ezn39nff+Xm/2xnK2Gt5z+73+/SrsO2Xpt+2Kzo82dF67hrc+pnuo47Z8qNI5N1XHjzxPl/fLsnzv9vT7fdfhvo6P+eNN9j1jR+l77HrOg6xu/zaRo7Avh9DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCa3sqSie3+W7YfvOiEf/jxp0Zfv/Efv7/5pr+4/pu/Gbry7370QN833ti3/uQNv/j7Y6585KPn7737K4+/Nv+hP71YGHhg4mfl9LRYDSF5OQmh+oMDX/j0vqePH69LQgjlZGB3CIuSxY8vSjIRhv8QQlhfz3PynQ++ftaG8e1Nt/dOql+YCZI9rtBfjvk05hnCdYVHxFGomo6zXQevPSP88m/X3vzTpd/5ds+el3Yf2iWpNoynEBZc3vj4nhDC3PT/cXG0LYkPTrdrQgh9DY87tyCvU1rMf0VO+cR0Oyfd9hfEifcvy5RLmf2y5agns+0raK9TeXm0u1+ReZly9sWoU3l5xvpF6fZ76fb0GcYvx/+TUEpCpZ7+puTQGAkN5y0JycS5rNbLpfq5DenxZ8pJplzKlMs9meOaaDcdaOUkmVwf98vUx5fjSlp/cuNrdRMX59S/I91W0yfqG7Ecsjdq+qfcqB/XhJjXgWlyORxKDa9BzerrJz49Gf1pXX+yeMpjxpqI9+1be8fy8ron9g/k5JE8kKTxk7bi7/rJonkf+dZt1yzJi395KY1faiv+ry545pVLb/v6l3Pj3xXjl9uKf+ajfS9f8OQty3L750Dsn0pb8UdefOrOpcdesSc3/3ti/Gpb8VfvfaZ3/sFHH8vNfzj2z9y24r9w3vt/ff9zD7+UGz/E+H1txV+3d+tnegcPnpYb/7HYP/3tjZ9X96x6fnDwt0N58Z+N8ee3Ff++3Xe/996Ft5+fe37XxP4ZaCv+hac+cvO8gw+flPfamdzTrd+cAG9Px6TXWLem5XbnmZ1qmC98aahSu+abl/4/v5sNZYy3s2AW4wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Nb0sxvO/vAl7/vg2koSQpKzz1gT8b7ynNWrh9pod+TFp+5ceuwVexrrlrQRBwAAACgW5+Glek01LAnXJnPDiU33j2sEJ8ZSMrk+u4YQ42TXCNqNU+pSnHKX4lS6FKenS3HmdClOb5fiVAviVENrceZOE6cyPipazKdv2nxaj9PfpTjzuhRnfpfiLOhSnIVdijMwbZzWx+GiLsVZ3KU4x3QpzrFdinNcl+L8WZfiHN+lONk15ZmOw/npnifkxZm4US6MU0nK9Tuaracfn7ZzUoft9Be0M7/o93GL7cxtsZ1TMo8rzbCdaovt/HmH7SQttvOXHbZTKmgnjtvrsvnFdmKpxfG/s0txdnUW53/F663ru5TPDV2K84kuxflkl+Lc2GGcbBkgT5z/H5rvDYTeyl+HvvQVJ7sKEOe7Syd+Tv19l/cCFOO9M1M/pyhedqKeibd0pvllFxAy8ZZl6nsmxavU5yPTxKs2xlueubPweLMLCpn8Ts/U9xbFyy4sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAs+tkNZ3/4kvd9cG1Iwvh/TY01Ee8rz1m9eqiNdvetvWN5ed0T+xvreittBAIAAAAKxXl4T72mGnorK0NvMmfSftV0HaCalssDte3ggrBmfJsMlSbKfcmiaR9XSR+3YsfmrSu279z1ro2bR64avWp0y3tWnr1y1fA5q85ZsWHjptHh2s8QegvihRAmlh+279z1sZFNm0a3ba9VZvNfkj5uSVpO0scNvjsMj29vSvNfXNBeaUp7O58/r3bXoZou3Sg4dQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/2fX7kLkvOo/gJ9nZnZmum3+3T99m4ZmO+SlRC2axK2kWroPCBbaJGQpyEx1LcEmWNw0oU1KrGMbsK0JitASCJFcGInF1uJNX2wR+0IgUqMBNwZpi/ZCL5RWK2nJhaSMZHfO7MxkJrOOpWnj53PxPDPn/M75zZmLhe+zAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHzgpmtjk5XxiepwEkLSo6beRZzL5tO0PEDfLz+/9fuF0ZPLW8cKuQE2AgAAAPqKOXyoOVIMhVw2ZMOVM+8Wn77kGxNhLvcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/e6ZrY5OV8YnqhUkISY+aehdxLptP0/IAfd9458nPvDo6+tfWsdIA+wAAAAD9xRyeaY4UQyksCUPJlW118dnAwo71nXVxn0XzrOt8dtCrbsk8666ZZ93H+tSta9x3BAAAAPjoi/k/1xwZCYXcgp75v1+uj3VXd9RlG/dBfisAAAAA/Hdi/i80R0qhkCs18/p88/7ijrq4vt//7eP6ZT3W9/t//trG3f/pAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCjY7o2NlkZn6hmkxCSHjX1LuJcNp+m5QH6rnph+O+3HHpocetYITfARgAAAEBfMYfPRe9iKOSGw1C4cCb3j960/+kvPv3sWAhhNubn82HHhm3b7l41e411K48cGvre4be+1dwm1q2cvZ6TwwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+r6drYZGV8onpBEkLSo6beRZzL5tO0PEDf1z/3hT8/fvy5N1vHSgPsAwAAAPQXc/hc9i+GUsiHfLh85l1r1j8t07G+1zMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Pxxzzfu+/qGqamNd3vhhRdeNF+c679MAADA++3qkIT6f+iK9ef6UwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8G07Wxycr4RLWYhJD0qKl3Eeey+TQtD9A3ff5oYcHJF15qHSsNsA8AAADQX8zhc9m/GEphKAyFy2bedXsmMJP/Rz7ADwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8qEzXxiYr4xPVBUkISY+aehdxLptP0/IAfR/bue+zBy/+7s2tY4XcABsBAAAAfcUcnm+OFEMh9/FQCFc13k+1L0iyjXv35wJz67a2LRue97pa27rsvNft6jhZrnGa2XXFuN/I7L25rnzmunLLulJoti+3rQt72lYt6PM5AwAAAJxDMf8XmiMjoZArtOTcn7TVj8i5AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAP07Wxycr4RDVJQkh61NS7iHPZfJqWB+h732/+/6Kv/HT39tax0gD7AAAAAP3FHD6X/YuhFBaF/wuLZnJ/GGmvj3X/qJw6+Og//7I8hBWXHxvNdW77w/jiV6/f+GLnJYRMe3UmhIsb/ZIe/X79u0fvXVo/9XgIKy7LXnVGv3D2fnPq9XKS1p+pbFy77fCxrf2/HwAAADgfxPw/1BwZCYXcXT3zf0zeffJ/00wAv/jenT+/tHFtJPKOFZlC43cGmR79Pr/0yT8tW/23t07n/7P1+9S+zQcvbWs4O9IhSevjm7evO3bdgUw89ex5sx394/fypW+++a9NOx45Ndu/GIqN8YW5bv3PvHa4IK1PZfZW17y3t9beP9fj/A/99qXjv1y4+93T/d+5erjZ/5qznP/s/YdvfXjP9fsOrWvvH0Iod+v/9rs3hyv+cOeDnecf7ti49ZtvvXZI0vqRxScOrN5fuqG9f9LRP37/Pzv+2J4fP/KdZ2P/+FuR5Uvm2z/T0f+VXZfsfPmB9Qvb+2d6nP/F214d3VL+9u87z39H2665np/izPM/ce1Tt7+2Ib2/cwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD8Ml0bm6yMT1QzSQhJj5p6F3Eum0/T8gB937jl6Nu37f7RD1rHSgPsAwAAAPQXc/hc9i+GUsiHfBieyf3PVDau3Xb42NYwMjubNO65qS33bPvEpi3b77rjHH1yAAAAYL5i/s81R0ZCIbc0DDXy//jm7euOXXcgE/N/Jub/TXdObVwRmnWv7Lpk58sPrF/YfE4QwszPAoqn6z49V3fTjUdHTvzxa8u61q2aqzuy+MSB1ftLN8S60Fq3MjSfTzxx7VO3v7Yhvb/5+VrrPvnVLVONxxNx3+FbH95z/b5D65rnaNyHG/vGuqnM3uqa9/bWYl22cS82zg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnGm6NjZZGZ+ohmwISY+aehdxLptP0/IAfdcs/cWDF518blHrWCE3wEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBvduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBfP6FxlH0cwJ9nN3mzzSZt0r5gVEzTqij1YFEQ0YuKirQiBU+VItXWHkRBEFHqwVRasVTFi2D1UkQFNUpBwcZiaZVU/Fe8eFBBoXoQSjGgXYoHlew+s91Md1ydVEH9fGB48jwz853fzPPsbBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhHGegba7aHd9zfuOWcGz569K4Tj9z0zr3bLnr41e8mNl334d7Bl07ObF6x5cvrl23af/ea6d3PH/pp+K1fjvYMfqjVrErdWgjxeAyh9u7sM4/NfHzW3FgMIVTjyGQIo3HpodGYS1j9cwhhc7vO+TvfPHH5lrl2266BeeNLciH5+wr1alZPy8j8evl3qaV1trXx4CXh62vXb/90+Ruv908dmzx1SKx1rKcQFm/sPL8/hLAobXOy1TaWnZzadSGEwY7zruxR1/l/sP5LC/rnpvZ/qa33yMn2r8z1K7nj8v1Mf64d7HG9hSqqo+xxvQzl+vmX0UIV1ZmNj6b27dSu+pP51WyLoRJDX7v8e+KpNRI65i2G2JzLWrtfac9tSPef68dcv5LrV/tz99W8blpo1Rjnj2fH5caz13FfGl/R+a7u4taC8bNTW0sf1JNZP+T/aKmf9kf7vpqyumZ/p5a/Q6XjHdRtvD3xaTLqaawel552zq9dZPtm1j9xYXXDe4dHCuqIe2PKj6Xyt34yOnT7azsfGCvK31hJ+ZVS+d+sPfLDbTtfeK4w/+ksv1oq/7IDg8fXvr9jZeHzmc2eT1+p/DuOfvDk8v/fOdVtrpv5e7L8Wqn8a6aPDAw3DhwsrH919nwWlcr/6uobv33l833HCvNDlj9YKn/D9H1PDYw3Li7MP9j6KNSbK7TE+vlx6oovxse/nyjK/yx7/sNd8mPP/Jcnd1/14pJdawrX57rs+YyUqv/mC/ZvH2rsO6/o3Rn3nKlvToD/pmXpf6zHU7/s78yF6vi98OxEX+sbaChtw2fyQjlz11n8F+YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAb+zAAQkAAACAoP+v2xEoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVAAAAP//fjwlGg==")
[ 75.469524][ T5335] Bluetooth: hci0: command tx timeout
[ 76.212714][ T5356] loop0: detected capacity change from 0 to 32768
[ 76.464854][ T5356] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,prjquota,nochanges,recovery_pass_last=delete_dead_inodes,nojournal_transaction_names,read_only,version_upgrade=incompatible
[ 76.464874][ T5356] allowing incompatible features above 0.0: (unknown version)
[ 76.464880][ T5356] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 76.505083][ T5356] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 76.520045][ T5356] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[ 76.525061][ T5356] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b compress none
[ 76.525073][ T5356] has non ptr field, deleting
[ 76.545970][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.546054][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.605576][ T5356] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 76.610712][ T5356] bcachefs (loop0): Version upgrade from 1.3: rebalance_work to 1.7: mi_btree_bitmap incomplete
[ 76.610712][ T5356] Doing compatible version upgrade from 1.3: rebalance_work to 1.28: inode_has_case_insensitive
[ 76.610712][ T5356] running recovery passes: check_allocations,check_extents_to_backpointers,check_subvols,check_inodes,check_dirents
[ 76.639335][ T5356] bcachefs (loop0): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version)
[ 76.639335][ T5356]
[ 76.813104][ T5356] bcachefs (loop0): accounting_read... done
[ 76.822591][ T5356] bcachefs (loop0): alloc_read... done
[ 76.825356][ T5356] bcachefs (loop0): snapshots_read... done
[ 76.828444][ T5356] bcachefs (loop0): check_allocations...
[ 76.841300][ T5356] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree
[ 76.841328][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[ 76.879631][ T5356] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[ 76.879647][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 8 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 76.901653][ T5356] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[ 76.901668][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[ 76.932129][ T5356] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 76.932145][ T5356] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 76.958544][ T5356] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 76.967216][ T5356] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 76.981779][ T5356] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 76.986007][ T5356] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 76.991670][ T5356] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 76.996095][ T5356] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.003878][ T5356] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.012345][ T5356] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.017337][ T5356] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.022084][ T5356] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.027020][ T5356] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.033400][ T5356] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.038675][ T5356] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.043887][ T5356] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.050108][ T5356] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.055121][ T5356] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 77.060115][ T5356] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.064180][ T5356] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.070555][ T5356] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.076257][ T5356] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.081709][ T5356] bcachefs (loop0): bucket 0:18 gen 0 has wrong data_type: got free, should be sb, fixing
[ 77.081720][ T5356] Ratelimiting new instances of previous error
[ 77.090674][ T5356] bcachefs (loop0): bucket 0:18 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 77.090688][ T5356] Ratelimiting new instances of previous error
[ 77.104590][ T5356] done
[ 77.108645][ T5356] bcachefs (loop0): going read-write
[ 77.360103][ T5356] bcachefs (loop0): journal_replay... done
[ 77.448951][ T5356] bcachefs (loop0): check_extents_to_backpointers...
[ 77.452966][ T5356] bcachefs (loop0): scanning for missing backpointers in 4/128 buckets
[ 77.469661][ T5356] done
[ 77.471338][ T5356] bcachefs (loop0): check_subvols... done
[ 77.474176][ T5356] bcachefs (loop0): check_inodes... done
[ 77.477041][ T5356] bcachefs (loop0): check_dirents...
[ 77.478276][ T5356] bcachefs (loop0): key in missing inode, found keys:
[ 77.478302][ T5356] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir
[ 77.478311][ T5356] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg
[ 77.478319][ T5356] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg
[ 77.478327][ T5356] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg
[ 77.478337][ T5356] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir
[ 77.478346][ T5356] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg
[ 77.478354][ T5356] , fixing
[ 77.492940][ T4703] Bluetooth: hci0: command tx timeout
[ 77.604952][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 7984566920636341384
[ 77.604967][ T5356] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 77.624755][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 1306673260822743275
[ 77.624781][ T5356] u64s 7 type dirent 4096:1896155912177158345:U32_MAX len 0 ver 0: file3 -> 536870913 type reg, fixing
[ 77.645950][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 4053473604660016527
[ 77.645966][ T5356] u64s 7 type dirent 4096:2695648408715017799:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 77.698468][ T5356] bcachefs (loop0): dirent points to missing inode:
[ 77.698482][ T5356] u64s 7 type dirent 4096:4053473604660016527:U32_MAX len 0 ver 0: file2 -> 536870913 type reg, fixing
[ 77.724164][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 278515674215342741
[ 77.724179][ T5356] u64s 7 type dirent 4096:4330382808765833931:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 77.759561][ T5356] bcachefs (loop0): dirent points to missing inode:
[ 77.759576][ T5356] u64s 7 type dirent 4096:7984566920636341384:U32_MAX len 0 ver 0: file0 -> 4098 type dir, fixing
[ 77.767027][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 8660473217422943745
[ 77.767041][ T5356] u64s 8 type dirent 4096:8130059955150870709:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 77.814627][ T5356] bcachefs (loop0): dirent points to missing inode:
[ 77.814639][ T5356] u64s 8 type dirent 4096:8660473217422943745:U32_MAX len 0 ver 0: lost+found -> 4097 type dir, fixing
[ 77.859716][ T5356] bcachefs (loop0): hash table key at wrong offset: should be at 1889442989944519368
[ 77.859730][ T5356] u64s 8 type dirent 4096:9097378837824744618:U32_MAX len 0 ver 0: file.cold -> 536870914 type reg, fixing
[ 77.879340][ T5356] bcachefs (loop0): fsck counted subdirectories wrong for inum 4096:4294967295: got 3 should be 0
[ 77.916429][ T5356] bcachefs (loop0): key in missing inode, found keys:
[ 77.916446][ T5356] u64s 7 type dirent 4098:5675548428000973578:U32_MAX len 0 ver 0: file1 -> 4100 type lnk
[ 77.916453][ T5356] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 77.916460][ T5356] , fixing
[ 77.973592][ T5356] bcachefs (loop0): key in missing inode, found keys:
[ 77.973607][ T5356] u64s 7 type dirent 4098:8977922886548783724:U32_MAX len 0 ver 0: file0 -> 4099 type reg
[ 77.973614][ T5356] , fixing
[ 77.995088][ T5356] bcachefs (loop0): check_dirents requires second pass
[ 77.999583][ T5356] bcachefs (loop0): dirent points to missing inode:
[ 77.999597][ T5356] u64s 7 type dirent 4096:278515674215342741:U32_MAX len 0 ver 0: file1 -> 536870912 type reg, fixing
[ 78.029399][ T5356] ==================================================================
[ 78.032798][ T5356] BUG: KASAN: use-after-free in bch2_check_dirents+0x1fac/0x33f0
[ 78.035776][ T5356] Read of size 1 at addr ffff8880426a00c0 by task syz.0.0/5356
[ 78.038901][ T5356]
[ 78.039811][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 78.039821][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 78.039826][ T5356] Call Trace:
[ 78.039831][ T5356]
[ 78.039835][ T5356] dump_stack_lvl+0x189/0x250
[ 78.039848][ T5356] ? __kasan_check_byte+0x12/0x40
[ 78.039857][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.039865][ T5356] ? lock_release+0x4b/0x3e0
[ 78.039876][ T5356] ? __virt_addr_valid+0x4a5/0x5c0
[ 78.039886][ T5356] print_report+0xca/0x240
[ 78.039897][ T5356] ? bch2_check_dirents+0x1fac/0x33f0
[ 78.039914][ T5356] kasan_report+0x118/0x150
[ 78.039927][ T5356] ? bch2_check_dirents+0x1fac/0x33f0
[ 78.039942][ T5356] bch2_check_dirents+0x1fac/0x33f0
[ 78.039955][ T5356] ? bch2_check_dirents+0x2f1/0x33f0
[ 78.039965][ T5356] ? desc_read+0x1b8/0x3f0
[ 78.039973][ T5356] ? prb_first_seq+0xfd/0x1a0
[ 78.039981][ T5356] ? __pfx_bch2_check_dirents+0x10/0x10
[ 78.039991][ T5356] ? __pfx_prb_first_seq+0x10/0x10
[ 78.039997][ T5356] ? desc_read+0x1b8/0x3f0
[ 78.040004][ T5356] ? this_cpu_in_panic+0x4f/0x80
[ 78.040010][ T5356] ? _prb_read_valid+0xa07/0xa90
[ 78.040016][ T5356] ? console_flush_all+0x13a/0xc40
[ 78.040025][ T5356] ? up+0xde/0x150
[ 78.040073][ T5356] ? __console_unlock+0x14c/0x1a0
[ 78.040081][ T5356] ? __pfx___console_unlock+0x10/0x10
[ 78.040090][ T5356] ? prb_read_valid+0x3c/0x60
[ 78.040096][ T5356] ? console_unlock+0x21b/0x270
[ 78.040103][ T5356] ? __pfx_console_unlock+0x10/0x10
[ 78.040112][ T5356] ? vprintk_emit+0x63e/0x7a0
[ 78.040122][ T5356] ? __bch2_print+0x176/0x220
[ 78.040130][ T5356] ? bch2_check_dirents+0x2f1/0x33f0
[ 78.040141][ T5356] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.040150][ T5356] __bch2_run_recovery_passes+0x3bd/0x1060
[ 78.040162][ T5356] bch2_run_recovery_passes+0x184/0x210
[ 78.040170][ T5356] bch2_fs_recovery+0x2690/0x3a50
[ 78.040183][ T5356] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 78.040195][ T5356] ? __lock_acquire+0xab9/0xd20
[ 78.040205][ T5356] ? __mutex_trylock_common+0x153/0x260
[ 78.040213][ T5356] ? __lock_acquire+0xab9/0xd20
[ 78.040224][ T5356] ? __lock_acquire+0xab9/0xd20
[ 78.040236][ T5356] ? bch2_fs_start+0xa0f/0xda0
[ 78.040243][ T5356] ? up_write+0x1c4/0x420
[ 78.040250][ T5356] ? bch2_fs_start+0x5e7/0xda0
[ 78.040257][ T5356] bch2_fs_start+0xaaf/0xda0
[ 78.040265][ T5356] ? bch2_fs_start+0x5e7/0xda0
[ 78.040276][ T5356] ? __pfx_bch2_fs_start+0x10/0x10
[ 78.040289][ T5356] ? sget+0x267/0x620
[ 78.040302][ T5356] bch2_fs_get_tree+0xb39/0x1520
[ 78.040318][ T5356] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 78.040334][ T5356] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 78.040355][ T5356] vfs_get_tree+0x92/0x2b0
[ 78.040368][ T5356] do_new_mount+0x2a2/0x9e0
[ 78.040385][ T5356] ? ns_capable+0x8a/0xf0
[ 78.040395][ T5356] ? __pfx_do_new_mount+0x10/0x10
[ 78.040407][ T5356] ? path_mount+0x61c/0xfe0
[ 78.040421][ T5356] ? user_path_at+0x44/0x60
[ 78.040433][ T5356] __se_sys_mount+0x317/0x410
[ 78.040448][ T5356] ? __pfx___se_sys_mount+0x10/0x10
[ 78.040464][ T5356] ? do_syscall_64+0xbe/0x3b0
[ 78.040478][ T5356] ? __x64_sys_mount+0x20/0xc0
[ 78.040492][ T5356] do_syscall_64+0xfa/0x3b0
[ 78.040506][ T5356] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.040519][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.040530][ T5356] ? clear_bhb_loop+0x60/0xb0
[ 78.040542][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.040552][ T5356] RIP: 0033:0x7f103e99038a
[ 78.040564][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 78.040574][ T5356] RSP: 002b:00007f103f7d4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 78.040586][ T5356] RAX: ffffffffffffffda RBX: 00007f103f7d4ef0 RCX: 00007f103e99038a
[ 78.040594][ T5356] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f103f7d4eb0
[ 78.040601][ T5356] RBP: 00002000000000c0 R08: 00007f103f7d4ef0 R09: 0000000000818001
[ 78.040608][ T5356] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 78.040614][ T5356] R13: 00007f103f7d4eb0 R14: 0000000000005968 R15: 0000200000000480
[ 78.040626][ T5356]
[ 78.040630][ T5356]
[ 78.220785][ T5356] The buggy address belongs to the physical page:
[ 78.223541][ T5356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x5 pfn:0x426a0
[ 78.227242][ T5356] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 78.230281][ T5356] page_type: f0(buddy)
[ 78.231982][ T5356] raw: 04fff00000000000 ffffea000109b808 ffff88805ffd6f08 0000000000000000
[ 78.235536][ T5356] raw: 0000000000000005 0000000000000005 00000000f0000000 0000000000000000
[ 78.239275][ T5356] page dumped because: kasan: bad access detected
[ 78.242776][ T5356] page_owner tracks the page as freed
[ 78.245689][ T5356] page last allocated via order 5, migratetype Unmovable, gfp_mask 0x42800(GFP_NOWAIT|__GFP_COMP), pid 5356, tgid 5355 (syz.0.0), ts 77972909877, free_ts 78029326999
[ 78.253646][ T5356] post_alloc_hook+0x240/0x2a0
[ 78.255446][ T5356] get_page_from_freelist+0x21e4/0x22c0
[ 78.257614][ T5356] __alloc_frozen_pages_noprof+0x181/0x370
[ 78.259836][ T5356] alloc_pages_mpol+0x232/0x4a0
[ 78.261719][ T5356] ___kmalloc_large_node+0x5f/0x1b0
[ 78.263631][ T5356] __kmalloc_large_node_noprof+0x18/0x90
[ 78.265892][ T5356] __kvmalloc_node_noprof+0x6d/0x5f0
[ 78.267932][ T5356] btree_node_sort+0x666/0x1760
[ 78.269828][ T5356] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 78.272365][ T5356] bch2_btree_node_prep_for_write+0x337/0x650
[ 78.274825][ T5356] bch2_trans_lock_write+0x669/0xba0
[ 78.276888][ T5356] __bch2_trans_commit+0x2773/0x8870
[ 78.279101][ T5356] bch2_check_dirents+0x811/0x33f0
[ 78.281267][ T5356] __bch2_run_recovery_passes+0x3bd/0x1060
[ 78.283642][ T5356] bch2_run_recovery_passes+0x184/0x210
[ 78.285902][ T5356] bch2_fs_recovery+0x2690/0x3a50
[ 78.288055][ T5356] page last free pid 5356 tgid 5355 stack trace:
[ 78.290677][ T5356] __free_pages_ok+0xa83/0xbe0
[ 78.292943][ T5356] free_large_kmalloc+0x13a/0x1f0
[ 78.295238][ T5356] btree_node_sort+0x117f/0x1760
[ 78.297393][ T5356] bch2_btree_post_write_cleanup+0x11f/0xad0
[ 78.299770][ T5356] bch2_btree_node_prep_for_write+0x337/0x650
[ 78.302042][ T5356] bch2_trans_lock_write+0x669/0xba0
[ 78.304262][ T5356] __bch2_trans_commit+0x2773/0x8870
[ 78.306483][ T5356] bch2_check_dirents+0x1c5c/0x33f0
[ 78.308682][ T5356] __bch2_run_recovery_passes+0x3bd/0x1060
[ 78.311219][ T5356] bch2_run_recovery_passes+0x184/0x210
[ 78.313698][ T5356] bch2_fs_recovery+0x2690/0x3a50
[ 78.316001][ T5356] bch2_fs_start+0xaaf/0xda0
[ 78.318044][ T5356] bch2_fs_get_tree+0xb39/0x1520
[ 78.320189][ T5356] vfs_get_tree+0x92/0x2b0
[ 78.322249][ T5356] do_new_mount+0x2a2/0x9e0
[ 78.324282][ T5356] __se_sys_mount+0x317/0x410
[ 78.326305][ T5356]
[ 78.327320][ T5356] Memory state around the buggy address:
[ 78.329669][ T5356] ffff88804269ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 78.332932][ T5356] ffff8880426a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 78.336429][ T5356] >ffff8880426a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 78.339965][ T5356] ^
[ 78.342697][ T5356] ffff8880426a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 78.346172][ T5356] ffff8880426a0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 78.349702][ T5356] ==================================================================
[ 78.463732][ T5356] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 78.466908][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 78.470900][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 78.476219][ T5356] Call Trace:
[ 78.478050][ T5356]
[ 78.479458][ T5356] dump_stack_lvl+0x99/0x250
[ 78.481493][ T5356] ? __asan_memcpy+0x40/0x70
[ 78.483563][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.485835][ T5356] ? __pfx__printk+0x10/0x10
[ 78.487904][ T5356] vpanic+0x281/0x750
[ 78.489848][ T5356] ? preempt_schedule+0xae/0xc0
[ 78.492061][ T5356] ? __pfx_vpanic+0x10/0x10
[ 78.493943][ T5356] ? preempt_schedule_common+0x83/0xd0
[ 78.496355][ T5356] ? preempt_schedule+0xae/0xc0
[ 78.498569][ T5356] ? __pfx_preempt_schedule+0x10/0x10
[ 78.501155][ T5356] panic+0xb9/0xc0
[ 78.503203][ T5356] ? __pfx_panic+0x10/0x10
[ 78.505374][ T5356] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 78.508253][ T5356] ? bch2_check_dirents+0x1fac/0x33f0
[ 78.510720][ T5356] check_panic_on_warn+0x89/0xb0
[ 78.513086][ T5356] ? bch2_check_dirents+0x1fac/0x33f0
[ 78.515535][ T5356] end_report+0x78/0x160
[ 78.517495][ T5356] kasan_report+0x129/0x150
[ 78.519513][ T5356] ? bch2_check_dirents+0x1fac/0x33f0
[ 78.521886][ T5356] bch2_check_dirents+0x1fac/0x33f0
[ 78.524125][ T5356] ? bch2_check_dirents+0x2f1/0x33f0
[ 78.526468][ T5356] ? desc_read+0x1b8/0x3f0
[ 78.528346][ T5356] ? prb_first_seq+0xfd/0x1a0
[ 78.530401][ T5356] ? __pfx_bch2_check_dirents+0x10/0x10
[ 78.532651][ T5356] ? __pfx_prb_first_seq+0x10/0x10
[ 78.534714][ T5356] ? desc_read+0x1b8/0x3f0
[ 78.536542][ T5356] ? this_cpu_in_panic+0x4f/0x80
[ 78.538563][ T5356] ? _prb_read_valid+0xa07/0xa90
[ 78.540580][ T5356] ? console_flush_all+0x13a/0xc40
[ 78.542968][ T5356] ? up+0xde/0x150
[ 78.544687][ T5356] ? __console_unlock+0x14c/0x1a0
[ 78.546865][ T5356] ? __pfx___console_unlock+0x10/0x10
[ 78.548770][ T5356] ? prb_read_valid+0x3c/0x60
[ 78.550660][ T5356] ? console_unlock+0x21b/0x270
[ 78.552822][ T5356] ? __pfx_console_unlock+0x10/0x10
[ 78.555147][ T5356] ? vprintk_emit+0x63e/0x7a0
[ 78.557331][ T5356] ? __bch2_print+0x176/0x220
[ 78.559354][ T5356] ? bch2_check_dirents+0x2f1/0x33f0
[ 78.561473][ T5356] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.563578][ T5356] __bch2_run_recovery_passes+0x3bd/0x1060
[ 78.566325][ T5356] bch2_run_recovery_passes+0x184/0x210
[ 78.569063][ T5356] bch2_fs_recovery+0x2690/0x3a50
[ 78.571621][ T5356] ? __pfx_bch2_fs_recovery+0x10/0x10
[ 78.574249][ T5356] ? __lock_acquire+0xab9/0xd20
[ 78.576508][ T5356] ? __mutex_trylock_common+0x153/0x260
[ 78.578898][ T5356] ? __lock_acquire+0xab9/0xd20
[ 78.581184][ T5356] ? __lock_acquire+0xab9/0xd20
[ 78.583662][ T5356] ? bch2_fs_start+0xa0f/0xda0
[ 78.585838][ T5356] ? up_write+0x1c4/0x420
[ 78.587757][ T5356] ? bch2_fs_start+0x5e7/0xda0
[ 78.589872][ T5356] bch2_fs_start+0xaaf/0xda0
[ 78.591883][ T5356] ? bch2_fs_start+0x5e7/0xda0
[ 78.593941][ T5356] ? __pfx_bch2_fs_start+0x10/0x10
[ 78.596185][ T5356] ? sget+0x267/0x620
[ 78.597887][ T5356] bch2_fs_get_tree+0xb39/0x1520
[ 78.600157][ T5356] ? __pfx_bch2_fs_get_tree+0x10/0x10
[ 78.602681][ T5356] ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 78.605358][ T5356] vfs_get_tree+0x92/0x2b0
[ 78.607250][ T5356] do_new_mount+0x2a2/0x9e0
[ 78.609158][ T5356] ? ns_capable+0x8a/0xf0
[ 78.611157][ T5356] ? __pfx_do_new_mount+0x10/0x10
[ 78.613374][ T5356] ? path_mount+0x61c/0xfe0
[ 78.615388][ T5356] ? user_path_at+0x44/0x60
[ 78.617456][ T5356] __se_sys_mount+0x317/0x410
[ 78.619489][ T5356] ? __pfx___se_sys_mount+0x10/0x10
[ 78.621888][ T5356] ? do_syscall_64+0xbe/0x3b0
[ 78.623987][ T5356] ? __x64_sys_mount+0x20/0xc0
[ 78.626126][ T5356] do_syscall_64+0xfa/0x3b0
[ 78.628238][ T5356] ? lockdep_hardirqs_on+0x9c/0x150
[ 78.630490][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.633278][ T5356] ? clear_bhb_loop+0x60/0xb0
[ 78.635303][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.637886][ T5356] RIP: 0033:0x7f103e99038a
[ 78.639865][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 78.649021][ T5356] RSP: 002b:00007f103f7d4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 78.652489][ T5356] RAX: ffffffffffffffda RBX: 00007f103f7d4ef0 RCX: 00007f103e99038a
[ 78.655725][ T5356] RDX: 00002000000000c0 RSI: 0000200000000080 RDI: 00007f103f7d4eb0
[ 78.658926][ T5356] RBP: 00002000000000c0 R08: 00007f103f7d4ef0 R09: 0000000000818001
[ 78.662144][ T5356] R10: 0000000000818001 R11: 0000000000000246 R12: 0000200000000080
[ 78.665509][ T5356] R13: 00007f103f7d4eb0 R14: 0000000000005968 R15: 0000200000000480
[ 78.668918][ T5356]
[ 78.670721][ T5356] Kernel Offset: disabled
[ 78.672730][ T5356] Rebooting in 86400 seconds..