program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)={0x14, 0x26, 0x9, 0x80001, 0x80, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x400c801}, 0x4000000) (async, rerun: 32)
syz_mount_image$bcachefs(&(0x7f0000000180), &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800000, &(0x7f00000001c0)={[{@noexcl}, {@discard}, {@recovery_pass_last={'recovery_pass_last', 0x3d, 'fix_reflink_p'}}, {@fsck}, {@recovery_pass_last={'recovery_pass_last', 0x3d, 'reconstruct_snapshots'}}, {@nocow}, {@fix_errors={'fix_errors', 0x3d, 'ask'}}, {@nocow_enabled}, {@shared_inode_numbers}, {@fix_errors={'fix_errors', 0x3d, 'yes'}}]}, 0x1, 0x59a9, &(0x7f0000006040)="$eJzs3W2QXFWdMPBzu3syb5lkEkAiyGQIoAhqJrw9+FIafXwrQCoUlhIeFAYywWgSUkkQCCjBB3ygeCm0tBT1A1pIPWh0qYJVIiWCbGAVpVhdagspZRf94BaypASylOs6Wz19T8/Mnb5ze3p6QgK/XyVz+5y+/T/n3nv69v2f7pkOAAAAvCo8dM2WPacf8r6ff27kxSs/+KMNV4Xe8lh9V1yhP11e+nL1kL2ps7JkbJkdF2+4/Dt/GLzgPT+7s+fbL+1ac/ja37z3gAvu/eQpO2/5+gMv9N39t6eL4sbxdMx4OXk2CaHrx7u//PldjxxcrauOvHLSvz2ERcniBxYlmRBDfwkhrKn3c/Kdd714/Nrq8qrrOyfVL8wEMd5f3arHuTqwtu255Njwu3evvvqXS7//vY4dz2wfXyXpmjCeQlhw3sTHd4QQutP/VXG0LYkPTperQgh9Ex53ckG/jmiy/8tzyoemy3npsrcgTrx/WaZcyqyXLUcdmWVPQXuzldePVtcrMj9Tzp6MZiuvn7F+Ubr8Ybo8Zobxy/XzaSgloVLv/vpkfIyECcctCcnYseyql0v1YxvS7c+Uk0y5lCmXOzLbNdZuOtDKSTK5Pq6XqY+n40paf/jEc3UDZ+bUvzZddqVP1JdiOWRv1PROuVHfrjGxX7un6cveUJpwDmpUXz/w6cHoTe/rTRZPecxoA/G+Xatv6J6uH8mdSRo/GWtzpvG3/WLR/I9/97qLl+TFP6+Uxv+v0VbiP3Xqo8+dfd23vpYb/+YYv9xS/4+7r+fZUx+8Zll/Xvzdcf9UWoo//PTDNy498Pwduf2/Ncbvain+yp2Pdvbtue/+nPAhGYr7p7ul+E++/f2/v+Pxe57J7p+43t+FGL+npfjn7Nx0U+fAnqNz9//9cf/0thT/qed3nPTEwMAfB/PiPxbj97UU//btt7zttoXXn5J7fFfF/dPfUvzTjrz36vl77jks79yZ3NquV06AV6cD0musa9Nyq3nmbE3IF746WKldB85P//e1s6HMxWe1nQXVG6ONrkoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDUHHfuPH/i3j/Q/W0nLnemNJ0u1ZayfF0LSHULYsnV489Z1Gy8c/ORFF2/eOLx+cHjr4MjGrZsvGzzhTYObRzatH76seu/Qm48PIXSEsDgkY49fnBw2pe3O0dHRUv/kutje/z5yx++OOvnf/xTC0EG/Hqjk9n/5LRtuO7DBz4xk5ei7Nlx8+q9P/Ga6Xf1pv/ob9Gt0dHQ05PTrP876621f3P2Ho0MYes10/Xr4yXf+ZFKHxirG46RKnaHWoc6kp2E/6r1O+xP3V2XtuvUjQ9Pv3+rjyznb8X8uf+Yvay/9wl9r+7crdzua3L/dK0fXl76y+rT//soVtYqifr1cx71of8etiP2L+68r3d8L0u1akLNdlZztuuaX9z/+40Oue2F7GKo8v3Rq20Xb1ZEOgI7ktU21G1voSRZNqu9K149HPD5u+dYNm5ZvuWzbm9dtGL5w5MKRjW9dccKKk4ZOPOnE5WNbvrzN2x/bf32T2793xtPCT2//YfzZ3Hgq6lfR/qj2q3h/TOxR3vOv58zPf+mttzx4eq2iaJzHtevnk3TZUz3OK8KE8TZ1XzXarqL9EEIYbLQfnnvhlHDwv6y7uug8NPHITPyZkawcfWTZn7958jeWvKNWsVfO8xM71OJ5vt7r8f6M7a+u9HiM7qP7tzOU0+3qbdivFY882HHDQ3/6TL1/8+aFS4e3bt28ovZzftrT+cmhDfuVrY3btXTsZzmkuyXUh2mD8RrGLkVq/cueP+Pq2b3am97Xmyyub07nhO3KiivtWn3DUeVzfvpQ3p5O7qy12B36asvkdTlrrs88sFzvcKP299XnX9H4GPjAN+7+yN0/OGHK+Diu9rNou5Kc7fr+47d/6dtf+H8/aN92feCdj/b/+befOKpWsb+cV+q9TvuTTDyvHBdC0fNvaWi8HbnPv1Lj7Sl6/mXbGV+/cbzBTLk3lLPP17rpnq/H3dfz7KkPXrMs9/m6u9nn6xWTSuWC5+u+Mn6yz6+kMrkfc/f8mjRQkpWjP7v2gO0PXLnqkFpF0biur91oXB/fRP6Rs10/OfuJgYsG/+8/t++88Z033XXub4ZXfrZW0fpxj31pz3HvSvdvV87+rfc65p0T9+9bLrho/Zpa/b57/ZsuC/KfeCrZctm2Tw2vXz+yeUtz29Xs62lsJ7uXW309jWe3xQXbVZqyXXN3o5n91ezzLfZ/Tcv7a/LzrTckLb0ubPvFovkf/+51F/dPeVTa0HmlNH6ppfhPnfroc2df962v5ca/OcavtBR/+OmHb1x64Pk7cuPfmqTxu1qKv3Lno519e+67Pzf+UOx/d0vxn3z7+39/x+P3PJMbP8T4va3t/+d3nPTEwMAfc+M/lqTtVK+RQrjrxePX1spJ6Eifb7EfHZP6FbLlJFMuZcrlieVSba613kA5SSbXx/XS+sMn9KWRj+bUx6uwriW15UuxHLI3pq/f15QmnPsb1RddpwIAvNLF9//jNWh8/38kvVDKn2mAcbPNw5bkxI152Ph8zrxJ9y9J48fHx3nAgbeEoeryqsHahf5M30eIz4fsPGds5+gjJsdodZ6zaP59WaYc+1WbL69MyENTU/OaSmhi/n1qO9PPv2c2v3h+fPDaKd0arM9blSf2Z7DWfk/D/oap/a1UI+SNj+y8WPw8x8CCsGqsvSbHR/ZzNPE4ZD9HE9s5JHPibPVzNLMdH7Hb04yPsS4Xv78x9fiFafbv+PFrHC17/GZwvLuq6zd4f7ZuuvNNs+/PtmHesOEpbe/NG87t+2HmJXPip0+wfX3eMNbH7ag0OZ/4kZz6ds0nxtNF7NfuafqyN5hPBF6pYv4fXyOq+X/1Avw/M+sVXYdmrxpjvNzPCZUb96co75j6Ob2ell7Hz9m56abOgT1H517n3N/s5342TSr1FHzup2g/HpUpF+7HnAmaonwv207Rfs9+LqM39LW032/ffsvbblt4/Sm5+31V7YW0eL9/aVKpr2C/7wf5QuP48oVXRb4w1/NnL1s+kn7waa7ykQ/n1M80H+mZcqO+XWP2u3ykY+/2CwDYf8T8v/7+WZr//2tcIb2OKMpbj8mUY7zcvDXn+iQvb/1Qurw0s35v+hsVM71uPu3Ie6+ev+eew3LzllubzUP//6RSf2Eempc3d09Zv7tB3pybR6xqz+fFc/OIep41uzwxt//1PHF2eXpu/Hqe3iCPLhfHj3l07v6p59GzmwfIjV+fB9jf89yC+bpMY7HY7HzdKzaPTn99tppH//aM9ufRZ+bUzzSP7p1yo75dY+TRAAAvr5j/x8u4mP8/mFlvtu+z5+YFbbpuz/49kHr8x/ZWXjmHed//mv37v8V561zn9XM9L7G/58Wz+zxF8bzQ3M6T7Qt5cZiD95ebzovTRifnxeM9kRcDALAviPl/d1rOz/9nl580yt86JuUn+3F+3obPZ8vPJ4u/HrLv5Of7+/zXPp3/vy/s7/l/LIfsjZrW8/+9+xdY5P8AAK9sMf+Pv/YY//7fP6Tl7N+tl6fnxH+V5unxPnl6u/L09s+zBZ8DeHnnAbrH1/c5AAAAXg4dY5nS1N+z/1i6zP6efd7v5Z+ds36zKunl8flbN4+MnHvxpjXDW0fO3XjRmpEt516yed3WrSMba+vNNm/MzVvSvLEjVNL90Xi9bN62MH1fbmHO30PIrh/DHjp2Y+rfQ8g2213wdwTGj19z/c07fqVp1m80PvKOd178j+asH9WP/wWfOO7ctVvOXbdx3dZ1w+vXbRuZvF41a+2Zwfdmxt0yo+9LffjJ7dUhM3Zr7FszM0oz//7OFvsx6ceUPy5cqu7vJPf4V/uRZPqxKO3JorzvP8jp98//6YufPnL0r3eEMHRQ+XUz7ffkkCtH//6skQ9tfejXm6r9L03b//qaab+Kvq80u37cnsr6i7ZsPXbtRRdvzH6jZGvifEapXp6j+Yz06V9ucn7inJz6mX5OoTzlxr6p6fkJAAAmie//x+vZ+P7hF9ILqFjffJ4+u/ePc/P0oeby9Oz3khXl6dn14/Y2m6d3zTJPz7ZflKc3Wr9Rnp6Xd+fF/3DO+jPV/DiZ3ec8csfJec2Nk+z3GRSNk+z6Mx0nySzHSbb9onHSaP1G4yTvuOfFPyNn/TzNj4fZfS4ndzzc3Nx4eGOmXDQesuvPdDyUZjkesu0XjYdG6zcaD9nj21kQ//TM+jM1eXxUB8bYuBg595KLNn9qwnpz/f0Xs+/f3H7/R6ua7//cfu5r7vs/t58rm/v+z+5zZbn9f2x2M2HN939uv9+lVXttvjb9sFnR58+K5nFX59TPdB533pQb+ybzuPDyifl/fLsn5v/Xp8t2vw20/39Pmu8xaxi/Td9jVnQd4/V8msb2AV7PAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJrTWVkytnzomi17Tj/kfT//3MiLV37wRxuuesPl3/nD4AXv+dmdPd9+adeaw9f+5r0HXHDvJ0/ZecvXH3ih7+6/PV0YuH/sZ+WYtNgVQvJsEkLXj3d/+fO7Hjm4WpeEEMpJ//YQFiWLH1iUZCIM/SWEsKbez8l33vXi8Wury6uu75xUvzATJLtdobcc+zOxnyFcWrhF7Ie60nG2bc8lx4bfvXv11b9c+v3vdex4Zvv4KklXCDeNjo6urRUXnDfx8R0hhO70f1UcbUvig9PlqhBCz4THnVzQryOa7P/ynPKh6XJeuuwtiBPvX5YplzLrZctRR2bZU9DebOX1o9X1iszPlLMno9nK62esX5Quf5guj5lh/HL8n4RSEir17q9PxsdICJX6cUtCMnYsu+rlUv3YhnT7M+UkUy5lyuWOzHaNtZsOtHKSTK6P62Xq4+m4ktYfPvFc3cCZOfWvTZdd6RP1pVgO2Rs1vVNu1LdrTOzX7mn6sjeUJpyDGtXXD3x6MHrTut5k8ZTHjDYQ79u1+oajyuf89KH+nH4kdyZp/KSl+Nt+sWj+x7973cVL8uKfV0rjl1qK/9Spjz539nXf+lpu/Jtj/HJL8Y+7r+fZUx+8Zlnu/tkd90+lpfjDTz9849IDz9+R2/9bY/yuluKv3PloZ9+e++7P7f9Q3D/dLcV/8u3v//0dj9/zTG78EOP3tBT/nJ2bbuoc2HN0bvz74/7pbW38PL/jpCcGBv44mBf/sRi/r+n4X+4ej3/79lvedtvC60/JPb6r4v7pb6n/px1579Xz99xzWN65M7m1Xa+cAK9OB6TXWNem5YI8sz5vkc0zZ2tCvvDVwUrtmm9++r+vnQ1lVNtZMIfxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4ZfrVFSd87Kx3nbG6koSQ5Kwz2kC8rzxv5crBFtodfvrhG5ceeP6OiXVLWogDAAAAFIt5eKle0xWWhEuS7nBow/XjHMGhsZRMrs/OIcQ42TmCVuOU2hSn3KY4lTbF6WhTnHltitPZpjhdBXG6QnNxuqeJU6mOiib709M4TnoYm4/TO+12NR9nfpvi9LUpzoI2xVnYpjj908ZpfhwualOcxW2Kc0Cb4hzYpjgHtSnOa9oU5+A2xcnOKc90HPalax6SF2fsRrkwTiUp1+9oNJ9+cNrOYbNsp7egnb6i1+Mm2+lusp0jMo8rzbCdribbef0s20mabOeNs2ynVNBOHLeXZvsX24mlJsf/ZW2Ks61NcS5vU5wr2hTnM22K89k2xblylnEAmhXz//F8rz90Vt4RetIzTnYWIOa7S8d+Tn29yzshxXivy9TPK4qXTdQz8ZbOtH/ZCYRMvGWZ+o5J8Sr1fGSaeF0T4x2VubNwe7MTCpn+HZOp7yyKl51YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA59KsrTvjYWe86Y3VIQvVfQ6MNxPvK81auHGyh3V2rbziqfM5PH5pY11lpIRAAAABQKObhHfWartBZWRE6k3mT1utK5wG60nK5v7YcWBBWVZfJYGms3JMsmvZxlfRxy7du2LR8y2Xb3rxuw/CFIxeObHzrihNWnDR04kknLl+7bv3IUO1nCJ2N4i0cL68MYWz6Yctl2z41vH79yOYttfps/5ek/ViSlpP0cQNvCUPV5VVp/xcX9L80pb25u1F89AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgf9i1uxi5qjoA4OfOzM4MC5U1fA0NXSb9IFWJtnUxRQlzExNJoG26ITEz6EqqtJG4pQ20pOIITQRsozGBNGlq+mBNJYLEFz6EGPlIkxpEm7i1MUCUB33QgGIKqUZLxnRn7nx1prMODW3x93u4987//M/53zMPm/zPDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD7a6Y6MVUuTVZGoxCiPjm1HpKxdDaOi0PU/eKzm7+XGz+2tD2WywyxEAAAADBQ0oePNCP5kMukQzpcPvtpYWgbCK2+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P8zU52YKpcmK+dHIUR9cmo9JGPpbBwXh6j7+tuPf+qV8fG/tMcKQ6wDAAAADJb04almJB8KYVEYiS7vyEvOBuZ3ze/OS9ZZMMe87rODfnmL5ph31RzzPjIgb03jvi0AAADAuS/p/zPNyFjIZeb17f8H9fVJ3pVdeenGfZjfCgAAAADvTdL/55qRQshlCs1+fa79/sKuvGT+oP/bJ/OXtELntY8P+n/+6sbd/+kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NwxU52YKpcmK+kohKhPTq1WS7Ue65KxdDaOi0PUXfHc6N9uOvDAwvZYLjPEQgAAAMBASR/ear3zIZcZDSPh/Nlmf/yGvU9+/smnJ0II9TY/mw3b1m3ZcueK+jXJW/7ygZHvHnzzmyflLa9fz9gGAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA02amOjFVLk1WzotCiPrk1HpIxtLZOC4OUfe1z3zuT48eeeaN9lhhiHUAAACAwZI+vNX750MhZEM2XDr7qb3XPyHVNb/fmQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwwXHX1+/52rrp6fV3evDg4fQ85EMIZ8FrvLeHM/2XCQAAON2uDFGo/Y8uW3um3xoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgbzFQnpsqlyUo+CiHqk1PrIRlLZ+O4OETd+NlDuXnHnnuhPVYYYh0AAABgsKQPb/X++VAII2EkXDL7qdeZwGz/P/Y+viQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwVpmpTkyVS5OVeVEIUZ+cWg/JWDobx8W+q+f7jjyyfc+n91/4nRvbY7nMUFsAAAAABkj68Gwzkg+5zEdDLlzR+DzdOSFKN+69zwVa8zZ3TBud87xqx7z0nOftqN++nMzMNHZTn5ecRKTH6vfmvOKOrm8kE4pt8wqhWb7YMS/s6pg1b8B7BgAAADiDkv4/14yMhVwm19bn/rgjf0yfCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0MVOdmCqXJitRFELUJ6fWQzKWzsZxcYi69/z6wxd86Sc7t7bHCkOsAwAAAAyW9OGt3j8fCmFB+FBYMNv3h7HO/CTv7+Xj+x/+x5+XhrDs0sPjme5lf5A8/PK165/vvoSQ6sxOhXBho17Up96vfvvw3Ytrxx8NYdkl6StOqhdOXa+ufnLxz3/FtafK61dvOXh489y+IwAAADjXJf3/SDMyFnKZO/r2/0nnPaD/b5ptwC+8e/vPLm5cGx1514zUWKNeqk+9zy5+/I9LVv71zRP9/6nqfWLPxv0XdxSsR7pEca20ceuaw9fsSyW7rtdPd9VPvpcvfOONf2/Y9tDxev18yDfi8zO96p987XJeXJtO7a6send3tbN+ps/+H/jNC0d+MX/nOyfqv33laLP+VafY/6nrj9784K5r9xxY01k/hFDsVf+td24Ml/3+9vu79z/atXD7N99+7RLF/6ktPLpv5d7CdZ31o676yff/0yOP7PrRQ99+Oqmf/FZk6aK51k911q+9tOOi7S/et3Z+Z/1Un/0/f8sr45uK3/pd9/5v61g10/ctTtp/7bGrn7j11XXxvd1DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHywz1YmpcmmykopCiPrk1HpIxtLZOC4OUff1mw69dcvOH36/PVYYYh0AAABgsKQPb/X++VAI2ZANo7N9/1Pl9au3HDy8OYzVR6PGPTO96a4tH9uwaesdt52hNwcAAADmKun/M83IWMhlFoeRRv9f2rh1zeFr9qWS/j+V9P8bbp9evyw0817acdH2F+9bO795ThDC7M8C8ifyPtnKu+H6Q2NH//DVJT3zVrTyXl54dN/KvYXrkrzQnrc8NM8nHrv6iVtfXRff23y/9ryPf2XTdON4Ill39OYHd12758Ca5j4a99HGuknedGp3ZdW7u6tJXrpxzzf2DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcbKY6MVUuTVZCOoSoT06th2QsnY3j4hB1Vy3++f0XHHtmQXsslxliIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYX9+guRqorjAH7OzG477uzqrgZtRetqRWEPSUFEvVRUhEYIPRkSluZDFAQRhT20hkZiRS9B1otEBdUWQkFukmixRv+klx4qKLAeApEWyk16aGNnzh1nr3ObulpQfj4wnP2dufd7f/feM3d2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhP6esZaYwHtz04c9t5N33y+D3HHrvlvfu3XPLo6z+Mbbjh4939rxyf2rhs09c3Ltmw995VkztfPPDL4Du/H+4a/EhzWJHKWgjxaAyh9v70c09MfXrO3FwMIVTj0HgIw3HxgeGYS1j5WwhhY6vP+W++fezKTXPjlh198+YX5ULy5xXq1ayfpqH5/fL/UkvrbPPMw5eFb69fu/XzpW+92TtxZPzEJrHWtp5CWLi+ff/eEMKC9JqTrbaRbOc0rgkh9Lftd3WXvi78i/1fXlCfn8az0ljvkpO9vzxXV3Lb5etMb25snuuvs7OzXQ5cUlEfZbfrZiBX5x9Gp6qoz2x+OI3vpnHF38yvZq8YKjH0tNq/L55YI6FtjcYQG/ey1qorrXsb0vnn6pirK7m62ps7r8Zx00Krxjh/PtsuN589jnvS/LL2Z3UHtxfMn5vGWvqgHs/qkP+jqX7SH63zasj6mv6TXv4NlbZnUKf51o1PN6Oe5upx8Un7zHaQvTe19qmLq+s+ODhU0EfcHVN+LJW/+bPhgTvf2P7QSFH++krKr5TK/271oZ/u2P7SC4X5z2b51VL5V+zrP7r6w23LC6/PdHZ9ekrl33X4o6eXnn33RKd73cjfleXXSuVfN3mob3Bm3/7C/ldm12dBqfxvrr35+9e+3HOkMD9k+f2l8tdNPvBM3+jMpYX5+5sfhXpjhZZYPz9PXPXV6OiPY0X5X2TXf7BDfuya/+r4zmteXrRjVeH6XJNdn6FS/d960d6tAzN7Lih6dsZdp+ubE+DMtCT9j/Vkqsv+zjxVbb8Xnh/raX4DDaTX4Ok8UM7ccRb+g/kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7ADByQAAAAAgv6/bkegAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FQAA//9JATCY") (rerun: 32)
[ 150.838779][ T5321] Bluetooth: hci0: command tx timeout
[ 151.366579][ T5343] loop0: detected capacity change from 0 to 32768
[ 151.555422][ T5343] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fsck,fix_errors=yes,recovery_pass_last=reconstruct_snapshots,nojournal_transaction_names,noexcl,nocow
[ 151.555437][ T5343] allowing incompatible features above 0.0: (unknown version)
[ 151.555442][ T5343] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[ 151.599643][ T5343] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[ 151.605175][ T5343] bcachefs (loop0): invalid bkey in superblock btree=snapshots level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key U64_MAX:0:0 durability: 0 ptr: 0:32:10 gen 0 cached unwritten
[ 151.605218][ T5343] pointer spans multiple buckets (10 + 256 > 256), deleting
[ 151.619769][ T5343] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 151.622820][ T5343] bcachefs (loop0): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive
[ 151.622820][ T5343] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[ 151.634733][ T5343] bcachefs (loop0): invalid btree id 251 (max 63), fixing
[ 151.697220][ T5343] bcachefs (loop0): btree node read error at btree xattrs level 0/0
[ 151.697260][ T5343] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 1 ptr: 0:31:0 gen 0
[ 151.697269][ T5343] loop0 node offset 0/16 bset u64s 0: incorrect max key U64_MAX:18374686479671623680:50331647
[ 151.697276][ T5343] running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[ 151.697284][ T5343] running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[ 151.697291][ T5343] running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[ 151.697299][ T5343] ret btree_node_read_validate_error
[ 151.733566][ T5343] bcachefs (loop0): error reading btree root btree=xattrs level=0: btree_node_read_error, fixing
[ 151.745247][ T5343] bcachefs (loop0): btree node read error at btree backpointers level 0/0
[ 151.745264][ T5343] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0
[ 151.745272][ T5343] loop0 node offset 0/24 bset u64s 0: invalid bkey format: field 2 too large: 4294967295 + 2251799813685248 > 4294967295
[ 151.745279][ T5343] u64s 3 fields 64:0, 64:0, 32:2251799813685248, 0:0, 0:0, 0:0
[ 151.745285][ T5343] flagging btree backpointers lost data
[ 151.745291][ T5343] running recovery pass check_btree_backpointers (15), currently at recovery_pass_empty (0)
[ 151.745298][ T5343] ret btree_node_read_validate_error
[ 151.779198][ T5343] bcachefs (loop0): error reading btree root btree=backpointers level=0: btree_node_read_error, fixing
[ 151.791494][ T5343] bcachefs (loop0): check_topology...
[ 151.792069][ T5343] bcachefs (loop0): btree root xattrs unreadable, must recover from scan
[ 151.799440][ T5343] bcachefs (loop0): no nodes found for btree xattrs, continuing
[ 151.803852][ T5343] done
[ 151.805077][ T5343] bcachefs (loop0): accounting_read... done
[ 151.811687][ T5343] bcachefs (loop0): alloc_read... done
[ 151.814845][ T5343] bcachefs (loop0): snapshots_read... done
[ 151.819682][ T5343] bcachefs (loop0): check_allocations...
[ 151.822622][ T5343] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[ 151.822648][ T5343] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[ 151.842563][ T5343] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree
[ 151.842577][ T5343] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[ 151.855986][ T5343] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[ 151.856008][ T5343] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 151.869790][ T5343] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[ 151.869806][ T5343] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[ 151.883308][ T5343] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[ 151.883323][ T5343] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 0 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[ 151.896449][ T5343] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree
[ 151.896469][ T5343] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 0 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[ 151.909477][ T5343] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[ 151.909497][ T5343] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 151.937068][ T5343] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[ 151.937086][ T5343] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[ 151.950969][ T5343] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing
[ 151.956409][ T5343] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 151.962599][ T5343] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing
[ 151.966620][ T5343] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 151.973332][ T5343] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing
[ 151.977972][ T5343] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 151.983332][ T5343] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing
[ 151.987973][ T5343] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 151.994842][ T5343] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing
[ 152.003450][ T5343] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 152.009652][ T5343] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing
[ 152.016611][ T5343] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 152.021885][ T5343] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing
[ 152.026240][ T5343] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing
[ 152.033353][ T5343] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing
[ 152.038020][ T5343] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing
[ 152.044466][ T5343] bcachefs (loop0): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing
[ 152.049462][ T5343] bcachefs (loop0): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing
[ 152.055176][ T5343] bcachefs (loop0): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing
[ 152.061522][ T5343] bcachefs (loop0): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing
[ 152.067446][ T5343] bcachefs (loop0): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing
[ 152.067460][ T5343] Ratelimiting new instances of previous error
[ 152.075973][ T5343] bcachefs (loop0): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing
[ 152.075987][ T5343] Ratelimiting new instances of previous error
[ 152.095221][ T5343] done
[ 152.097138][ T5343] bcachefs (loop0): going read-write
[ 152.235959][ T5343] bcachefs (loop0): journal_replay...
[ 152.237861][ T53] bcachefs (loop0): u64s 13 type alloc_v4 0:37:0 len 0 ver 0:
[ 152.237890][ T53] gen 0 oldest_gen 0 data_type need_discard
[ 152.237896][ T53] journal_seq_nonempty 6
[ 152.237901][ T53] journal_seq_empty 0
[ 152.237907][ T53] need_discard 1
[ 152.237913][ T53] need_inc_gen 1
[ 152.237919][ T53] dirty_sectors 0
[ 152.237925][ T53] stripe_sectors 0
[ 152.237930][ T53] cached_sectors 0
[ 152.237935][ T53] stripe 0
[ 152.237940][ T53] stripe_redundancy 0
[ 152.237945][ T53] io_time[READ] 1
[ 152.237950][ T53] io_time[WRITE] 1024
[ 152.237955][ T53] fragmentation 0
[ 152.237962][ T53] bp_start 8
[ 152.237967][ T53]
[ 152.237973][ T53] incorrectly set at freespace:0:37:0 (free 0, genbits 0 should be 0), fixing
[ 152.295275][ T53] bcachefs (loop0): u64s 12 type alloc_v4 0:42:0 len 0 ver 0:
[ 152.295292][ T53] gen 0 oldest_gen 0 data_type btree
[ 152.295298][ T53] journal_seq_nonempty 7
[ 152.295304][ T53] journal_seq_empty 0
[ 152.295309][ T53] need_discard 1
[ 152.295315][ T53] need_inc_gen 1
[ 152.295320][ T53] dirty_sectors 256
[ 152.295326][ T53] stripe_sectors 0
[ 152.295331][ T53] cached_sectors 0
[ 152.295337][ T53] stripe 0
[ 152.295343][ T53] stripe_redundancy 0
[ 152.295348][ T53] io_time[READ] 1
[ 152.295354][ T53] io_time[WRITE] 1280
[ 152.295359][ T53] fragmentation 0
[ 152.295364][ T53] bp_start 7
[ 152.295414][ T53]
[ 152.295419][ T53] incorrectly set at freespace:0:42:0 (free 0, genbits 0 should be 0), fixing
[ 152.341319][ T53] ==================================================================
[ 152.345892][ T53] BUG: KASAN: slab-use-after-free in bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 152.349887][ T53] Read of size 8 at addr ffff88803fde0120 by task kworker/u4:4/53
[ 152.353107][ T53]
[ 152.354114][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u4:4 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full)
[ 152.354129][ T53] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 152.354137][ T53] Workqueue: btree_node_rewrite async_btree_node_rewrite_work
[ 152.354185][ T53] Call Trace:
[ 152.354193][ T53]
[ 152.354200][ T53] dump_stack_lvl+0x189/0x250
[ 152.354259][ T53] ? __virt_addr_valid+0x1c8/0x5c0
[ 152.354272][ T53] ? rcu_is_watching+0x15/0xb0
[ 152.354289][ T53] ? __kasan_check_byte+0x12/0x40
[ 152.354300][ T53] ? __pfx_dump_stack_lvl+0x10/0x10
[ 152.354318][ T53] ? rcu_is_watching+0x15/0xb0
[ 152.354333][ T53] ? lock_release+0x4b/0x3e0
[ 152.354349][ T53] ? __virt_addr_valid+0x1c8/0x5c0
[ 152.354360][ T53] ? __virt_addr_valid+0x4a5/0x5c0
[ 152.354371][ T53] print_report+0xd2/0x2b0
[ 152.354384][ T53] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 152.354398][ T53] kasan_report+0x118/0x150
[ 152.354408][ T53] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 152.354422][ T53] bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 152.354441][ T53] ? bch2_bucket_alloc_trans+0xcb4/0x2410
[ 152.354458][ T53] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10
[ 152.354475][ T53] ? bch2_bucket_alloc_trans+0xcb4/0x2410
[ 152.354490][ T53] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[ 152.354505][ T53] bch2_bucket_alloc_set_trans+0x5a6/0xe70
[ 152.354523][ T53] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[ 152.354538][ T53] ? __open_bucket_add_buckets+0x783/0x1e40
[ 152.354557][ T53] __open_bucket_add_buckets+0x1437/0x1e40
[ 152.354581][ T53] open_bucket_add_buckets+0x2ee/0x440
[ 152.354598][ T53] bch2_alloc_sectors_start_trans+0xd26/0x1e80
[ 152.354614][ T53] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 152.354675][ T53] bch2_btree_reserve_get+0x641/0x1810
[ 152.354694][ T53] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 152.354704][ T53] ? __pfx_bch2_btree_reserve_get+0x10/0x10
[ 152.354719][ T53] ? __pfx___bch2_disk_reservation_add+0x10/0x10
[ 152.354734][ T53] ? bch2_btree_update_start+0xadb/0x1dc0
[ 152.354750][ T53] bch2_btree_update_start+0x147e/0x1dc0
[ 152.354765][ T53] ? bch2_btree_path_traverse_one+0x91e/0x21d0
[ 152.354784][ T53] ? bch2_btree_node_rewrite+0x17e/0x1120
[ 152.354800][ T53] ? __pfx_bch2_btree_update_start+0x10/0x10
[ 152.354818][ T53] ? bch2_btree_path_traverse_one+0x91e/0x21d0
[ 152.354834][ T53] ? async_btree_node_rewrite_work+0x1e1/0x840
[ 152.354852][ T53] ? bch2_btree_iter_peek_node+0x566/0xbe0
[ 152.354863][ T53] ? bch2_btree_iter_verify+0x1d/0x360
[ 152.354874][ T53] bch2_btree_node_rewrite+0x17e/0x1120
[ 152.354894][ T53] async_btree_node_rewrite_work+0x370/0x840
[ 152.354914][ T53] ? __pfx_async_btree_node_rewrite_work+0x10/0x10
[ 152.354931][ T53] ? async_btree_node_rewrite_work+0x1d2/0x840
[ 152.354947][ T53] ? _raw_spin_unlock_irq+0x23/0x50
[ 152.354962][ T53] ? process_scheduled_works+0x9ef/0x17b0
[ 152.354978][ T53] ? process_scheduled_works+0x9ef/0x17b0
[ 152.354992][ T53] process_scheduled_works+0xae1/0x17b0
[ 152.355014][ T53] ? __pfx_process_scheduled_works+0x10/0x10
[ 152.355032][ T53] worker_thread+0x8a0/0xda0
[ 152.355047][ T53] kthread+0x70e/0x8a0
[ 152.355060][ T53] ? __pfx_worker_thread+0x10/0x10
[ 152.355075][ T53] ? __pfx_kthread+0x10/0x10
[ 152.355087][ T53] ? _raw_spin_unlock_irq+0x23/0x50
[ 152.355100][ T53] ? lockdep_hardirqs_on+0x9c/0x150
[ 152.355142][ T53] ? __pfx_kthread+0x10/0x10
[ 152.355154][ T53] ret_from_fork+0x3fc/0x770
[ 152.355169][ T53] ? __pfx_ret_from_fork+0x10/0x10
[ 152.355184][ T53] ? __pfx_kthread+0x10/0x10
[ 152.355196][ T53] ret_from_fork_asm+0x1a/0x30
[ 152.355212][ T53]
[ 152.355216][ T53]
[ 152.513541][ T53] Allocated by task 53:
[ 152.515321][ T53] kasan_save_track+0x3e/0x80
[ 152.517312][ T53] __kasan_kmalloc+0x93/0xb0
[ 152.519357][ T53] __kmalloc_node_track_caller_noprof+0x271/0x4e0
[ 152.522121][ T53] krealloc_noprof+0x124/0x340
[ 152.524569][ T53] __bch2_trans_kmalloc+0x26c/0xc80
[ 152.527273][ T53] bch2_alloc_sectors_start_trans+0x1d59/0x1e80
[ 152.530160][ T53] bch2_btree_reserve_get+0x641/0x1810
[ 152.532476][ T53] bch2_btree_update_start+0x147e/0x1dc0
[ 152.534841][ T53] bch2_btree_node_rewrite+0x17e/0x1120
[ 152.537230][ T53] async_btree_node_rewrite_work+0x370/0x840
[ 152.539749][ T53] process_scheduled_works+0xae1/0x17b0
[ 152.542604][ T53] worker_thread+0x8a0/0xda0
[ 152.545320][ T53] kthread+0x70e/0x8a0
[ 152.547487][ T53] ret_from_fork+0x3fc/0x770
[ 152.549438][ T53] ret_from_fork_asm+0x1a/0x30
[ 152.551568][ T53]
[ 152.552652][ T53] Freed by task 53:
[ 152.554361][ T53] kasan_save_track+0x3e/0x80
[ 152.556436][ T53] kasan_save_free_info+0x46/0x50
[ 152.558522][ T53] __kasan_slab_free+0x62/0x70
[ 152.560703][ T53] kfree+0x18e/0x440
[ 152.562737][ T53] krealloc_noprof+0x1cd/0x340
[ 152.565397][ T53] __bch2_trans_kmalloc+0x26c/0xc80
[ 152.568022][ T53] __bch2_trans_subbuf_alloc+0x2da/0x460
[ 152.570420][ T53] bch2_trans_log_str+0xd5/0x3c0
[ 152.572517][ T53] __bch2_fsck_err+0xc11/0xfb0
[ 152.574588][ T53] bch2_check_discard_freespace_key+0x71b/0xce0
[ 152.577182][ T53] bch2_bucket_alloc_trans+0x1333/0x2410
[ 152.579719][ T53] bch2_bucket_alloc_set_trans+0x5a6/0xe70
[ 152.583150][ T53] __open_bucket_add_buckets+0x1437/0x1e40
[ 152.586078][ T53] open_bucket_add_buckets+0x2ee/0x440
[ 152.588504][ T53] bch2_alloc_sectors_start_trans+0xd26/0x1e80
[ 152.590962][ T53] bch2_btree_reserve_get+0x641/0x1810
[ 152.593227][ T53] bch2_btree_update_start+0x147e/0x1dc0
[ 152.595602][ T53] bch2_btree_node_rewrite+0x17e/0x1120
[ 152.597999][ T53] async_btree_node_rewrite_work+0x370/0x840
[ 152.600908][ T53] process_scheduled_works+0xae1/0x17b0
[ 152.604102][ T53] worker_thread+0x8a0/0xda0
[ 152.606163][ T53] kthread+0x70e/0x8a0
[ 152.607910][ T53] ret_from_fork+0x3fc/0x770
[ 152.610152][ T53] ret_from_fork_asm+0x1a/0x30
[ 152.612212][ T53]
[ 152.613485][ T53] The buggy address belongs to the object at ffff88803fde0000
[ 152.613485][ T53] which belongs to the cache kmalloc-512 of size 512
[ 152.620764][ T53] The buggy address is located 288 bytes inside of
[ 152.620764][ T53] freed 512-byte region [ffff88803fde0000, ffff88803fde0200)
[ 152.626448][ T53]
[ 152.627525][ T53] The buggy address belongs to the physical page:
[ 152.630134][ T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3fde0
[ 152.633915][ T53] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 152.638008][ T53] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 152.641633][ T53] page_type: f5(slab)
[ 152.648749][ T53] raw: 04fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[ 152.652230][ T53] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 152.656217][ T53] head: 04fff00000000040 ffff88801a441c80 dead000000000100 dead000000000122
[ 152.661000][ T53] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[ 152.664753][ T53] head: 04fff00000000001 ffffea0000ff7801 00000000ffffffff 00000000ffffffff
[ 152.668357][ T53] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 152.672105][ T53] page dumped because: kasan: bad access detected
[ 152.675661][ T53] page_owner tracks the page as allocated
[ 152.678835][ T53] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5316, tgid 5316 (udevd), ts 144960024381, free_ts 131937573420
[ 152.687972][ T53] post_alloc_hook+0x240/0x2a0
[ 152.690119][ T53] get_page_from_freelist+0x21e4/0x22c0
[ 152.692397][ T53] __alloc_frozen_pages_noprof+0x181/0x370
[ 152.694935][ T53] alloc_pages_mpol+0x232/0x4a0
[ 152.697098][ T53] allocate_slab+0x8a/0x3b0
[ 152.699238][ T53] ___slab_alloc+0xbfc/0x1480
[ 152.701925][ T53] __kmalloc_cache_noprof+0x296/0x3d0
[ 152.704912][ T53] kernfs_fop_open+0x397/0xca0
[ 152.706945][ T53] do_dentry_open+0xdf0/0x1970
[ 152.709138][ T53] vfs_open+0x3b/0x340
[ 152.710949][ T53] path_openat+0x2ee5/0x3830
[ 152.712826][ T53] do_filp_open+0x1fa/0x410
[ 152.714590][ T53] do_sys_openat2+0x121/0x1c0
[ 152.716510][ T53] __x64_sys_openat+0x138/0x170
[ 152.718223][ T53] do_syscall_64+0xfa/0x3b0
[ 152.719932][ T53] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.722676][ T53] page last free pid 5262 tgid 5262 stack trace:
[ 152.725927][ T53] __free_frozen_pages+0xc71/0xe70
[ 152.728076][ T53] __put_partials+0x161/0x1c0
[ 152.730160][ T53] put_cpu_partial+0x17c/0x250
[ 152.732256][ T53] __slab_free+0x2f7/0x400
[ 152.734280][ T53] qlist_free_all+0x97/0x140
[ 152.736454][ T53] kasan_quarantine_reduce+0x148/0x160
[ 152.738929][ T53] __kasan_slab_alloc+0x22/0x80
[ 152.741448][ T53] kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 152.743974][ T53] getname_flags+0xb8/0x540
[ 152.746074][ T53] vfs_fstatat+0x43/0x170
[ 152.747943][ T53] __x64_sys_newfstatat+0x116/0x190
[ 152.750116][ T53] do_syscall_64+0xfa/0x3b0
[ 152.752143][ T53] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 152.755103][ T53]
[ 152.756188][ T53] Memory state around the buggy address:
[ 152.758659][ T53] ffff88803fde0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 152.762611][ T53] ffff88803fde0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 152.766185][ T53] >ffff88803fde0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 152.769492][ T53] ^
[ 152.772183][ T53] ffff88803fde0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 152.776229][ T53] ffff88803fde0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 152.779544][ T53] ==================================================================
[ 152.804155][ T53] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 152.807320][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u4:4 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full)
[ 152.811821][ T53] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 152.816835][ T53] Workqueue: btree_node_rewrite async_btree_node_rewrite_work
[ 152.820288][ T53] Call Trace:
[ 152.821790][ T53]
[ 152.823139][ T53] dump_stack_lvl+0x99/0x250
[ 152.825284][ T53] ? __asan_memcpy+0x40/0x70
[ 152.827536][ T53] ? __pfx_dump_stack_lvl+0x10/0x10
[ 152.830084][ T53] ? __pfx__printk+0x10/0x10
[ 152.832345][ T53] panic+0x2db/0x790
[ 152.834132][ T53] ? __pfx_panic+0x10/0x10
[ 152.836113][ T53] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 152.838655][ T53] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 152.841548][ T53] ? print_memory_metadata+0x314/0x400
[ 152.844608][ T53] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 152.847416][ T53] check_panic_on_warn+0x89/0xb0
[ 152.849405][ T53] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 152.851919][ T53] end_report+0x78/0x160
[ 152.853703][ T53] kasan_report+0x129/0x150
[ 152.855834][ T53] ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 152.858774][ T53] bch2_bucket_alloc_trans+0x1aa0/0x2410
[ 152.861127][ T53] ? bch2_bucket_alloc_trans+0xcb4/0x2410
[ 152.863592][ T53] ? __pfx_bch2_bucket_alloc_trans+0x10/0x10
[ 152.866152][ T53] ? bch2_bucket_alloc_trans+0xcb4/0x2410
[ 152.868638][ T53] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[ 152.871311][ T53] bch2_bucket_alloc_set_trans+0x5a6/0xe70
[ 152.874089][ T53] ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[ 152.877101][ T53] ? __open_bucket_add_buckets+0x783/0x1e40
[ 152.879689][ T53] __open_bucket_add_buckets+0x1437/0x1e40
[ 152.881959][ T53] open_bucket_add_buckets+0x2ee/0x440
[ 152.884348][ T53] bch2_alloc_sectors_start_trans+0xd26/0x1e80
[ 152.887485][ T53] ? __mutex_unlock_slowpath+0x1cd/0x700
[ 152.890676][ T53] bch2_btree_reserve_get+0x641/0x1810
[ 152.893416][ T53] ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 152.895928][ T53] ? __pfx_bch2_btree_reserve_get+0x10/0x10
[ 152.898448][ T53] ? __pfx___bch2_disk_reservation_add+0x10/0x10
[ 152.901074][ T53] ? bch2_btree_update_start+0xadb/0x1dc0
[ 152.903483][ T53] bch2_btree_update_start+0x147e/0x1dc0
[ 152.906019][ T53] ? bch2_btree_path_traverse_one+0x91e/0x21d0
[ 152.909316][ T53] ? bch2_btree_node_rewrite+0x17e/0x1120
[ 152.911730][ T53] ? __pfx_bch2_btree_update_start+0x10/0x10
[ 152.914160][ T53] ? bch2_btree_path_traverse_one+0x91e/0x21d0
[ 152.916865][ T53] ? async_btree_node_rewrite_work+0x1e1/0x840
[ 152.919599][ T53] ? bch2_btree_iter_peek_node+0x566/0xbe0
[ 152.922770][ T53] ? bch2_btree_iter_verify+0x1d/0x360
[ 152.925160][ T53] bch2_btree_node_rewrite+0x17e/0x1120
[ 152.927458][ T53] async_btree_node_rewrite_work+0x370/0x840
[ 152.929869][ T53] ? __pfx_async_btree_node_rewrite_work+0x10/0x10
[ 152.932604][ T53] ? async_btree_node_rewrite_work+0x1d2/0x840
[ 152.935513][ T53] ? _raw_spin_unlock_irq+0x23/0x50
[ 152.937891][ T53] ? process_scheduled_works+0x9ef/0x17b0
[ 152.940391][ T53] ? process_scheduled_works+0x9ef/0x17b0
[ 152.942840][ T53] process_scheduled_works+0xae1/0x17b0
[ 152.945283][ T53] ? __pfx_process_scheduled_works+0x10/0x10
[ 152.948082][ T53] worker_thread+0x8a0/0xda0
[ 152.950457][ T53] kthread+0x70e/0x8a0
[ 152.952794][ T53] ? __pfx_worker_thread+0x10/0x10
[ 152.955075][ T53] ? __pfx_kthread+0x10/0x10
[ 152.957045][ T53] ? _raw_spin_unlock_irq+0x23/0x50
[ 152.959322][ T53] ? lockdep_hardirqs_on+0x9c/0x150
[ 152.961329][ T53] ? __pfx_kthread+0x10/0x10
[ 152.963245][ T53] ret_from_fork+0x3fc/0x770
[ 152.965299][ T53] ? __pfx_ret_from_fork+0x10/0x10
[ 152.967698][ T53] ? __pfx_kthread+0x10/0x10
[ 152.970169][ T53] ret_from_fork_asm+0x1a/0x30
[ 152.972487][ T53]
[ 152.974324][ T53] Kernel Offset: disabled
[ 152.976238][ T53] Rebooting in 86400 seconds..