program:
r0 = fsopen(&(0x7f0000000000)='hpfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
perf_event_open(&(0x7f0000000480)={0x5, 0x80, 0x52, 0xbf, 0x8, 0x3, 0x0, 0xad, 0x13, 0x8, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, @perf_bp={0x0}, 0x8022, 0x7fffffff, 0x81, 0x4, 0x7, 0x5, 0x7, 0x0, 0x9, 0x0, 0x4000000005}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
read$FUSE(0xffffffffffffffff, &(0x7f00000003c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_GETXATTR(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x0, r1, {0x3}}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='bdi_dirty_ratelimit\x00'}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x40010, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
chdir(&(0x7f0000002400)='./file1\x00')
set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2)
lseek(0xffffffffffffffff, 0x1c4f, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000002580)=ANY=[@ANYBLOB="0a00000005000000020000000700000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000de44667fc5b32cea0180f6868a78c72689aca97484517b4b35fad041222c26256a53bb192877949e952224e2fe7c1d09cedcb83c20b39c0fb6ec30ae7f3cef7b965223b71ddd4beed69f93ec128e437b1aa7d6c0dfcc94f2c9a03a4e4501e5522d82b6a8831a7af95e61652764b0c7f65ccdd0fa87440cf10ed60d608dc239e2f9936726723886ab779fa22d0ee9394ee7ce4edec688aa25684d3039151dd1aa0280ec1e859b18d093ff9424721bee6f508cbca183d2d532b7ebec0f010b5991578211f3d77c1562f19426c534ef706b248a75a51033f9d0eedcd8b0bd61a1679357abb61521479ea37b3311daa5e4310892d2252d494858c5558dac2567f55b87e926849bfbf08bc987d7b5e19aa5f6cf62a4c673e1d95a9534e6a426055853493dca5b5b1092de4b7b4afefaf46b3c71bcd51c203"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x9})
syz_emit_ethernet(0x3a, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local, {[@timestamp_prespec={0x44, 0x4, 0xf6}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x6}}}}}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_SIOCINQ(r4, 0x541b, &(0x7f0000000340))
ioctl$IOC_PR_RELEASE(r3, 0x401070ca, 0x0)
syz_mount_image$bcachefs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x818001, &(0x7f0000002440)=ANY=[@ANYBLOB="726174656c696d69745f6572726f72732c6e6f6368616e6765732c6572726f72733d636f6e74696e75652c696e6c696e655f646174612c7374725f686173683d736970686173682c766572626f73652c7265636f766572795f706173735f6c1073743d636865636b5f696e6f6465732c7265636f6e5874727563745f616c6c6f632c6e6f636f772c004f7dc1b3126663477fa001ad568fa91bccbd1c876ed341284470407e99388eadd94684cd9e82426f76f0f38e663f09fa68f0aa7e1c6f6df8cbbaaa3c36f59c6058f25158040300000000000000354ccedfaa2da2a219ab665c4f4ea7c595b6bc85d337b77163f92c52406ec2fb259a9c4adbe66591e94e022d93f8e1c7829bad108044ac45bd9120f0755e062aeb01ea9cc6a83e2c1e3a865697c04d7f14fd36e9e02eed4ea9a62a4afbadb64bda0b07"], 0x1, 0x596b, &(0x7f0000005c40)="$eJzs3X+QHFW9KPDTM7PZyW5+bAJIBNksgSiCmg2/CuWVRp+/CpCKhaWEF4WFbDCahFQShASU4AMfFGChpaWof6CF1EOjRRU8JVIiP17CU5Ti6aVuIXX1XvRWeQu5pARyKcvr3tqdPpPd3unt2ZnZkMDnU8n29Jme7zl9+sxMf8/07gQAAABeE/Zcv2XfuUe97xefH37pmg/+ZMO1obc8Vl6NG/SlyytfqRZyIHVXFo0ts+PiTVd9748Dl7zn53f3fPfl3WuOXfvb9x52yf2fOmvXbd986MW59/79maK4cTyduH89eS4JofrTvV/9wu7HjhwtS0II5aRvRwgLkoUPLUgyIQb/GkJYk64cVpl45z0vnbJ2dHntTd0Tyudnghjvr23VdJxt33fFSeF371513a8W//AHXTuf3bF/k6Q6bjyFMO+i8Y/vCiHMTv+PisNwUbocSJcrQwg94x53RkG7jmuy/cty1o9Ol7PSZW9BnHj/ksx6KbNddj3qyix7CuprV147Wt2uyJzMevbFqF157YzlC9Llj9PlidOMX47/k1BKQqXe/PXJ/jESxh23JCRjx7JaXy/Vj21I9z+znmTWS5n1cldmv8bqTQdaOUkmlsftMuXx5biSlh87/rW6gfNyyl+fLqvpE/XluB6yN2p6J92o79eY2K69U7TlQBjtp+4pyuvjLD0Yvek+9CYLJz1mpIF43+5VNy8tr354T19OO5K7kzR+0lL87b9cMOcT37/x8kV58S8qpfFLLcX//dmPP3/Bjd/5Rm78W2P8ckvxT36g57mzH7l+SV7/xOHVGyotxR965tFbFh9+8c7c9t8+1v/dvaHaUvwVux7vnrvvgQdzj+9g7J/ZLcV/+sz3/+GuJ+97Njd+iPF7Woq/etemL3b37zshN/6DcXz2tjZ+Xth5+lP9/X8ayIv/RIw/t6X4d+647R13zL/prNzjuzL2T19L8c85/v7r5uy775i8187k9k69cwK8Nh2WnmPdkK5PlWd2T5FntmtcvvD1gUrtnG9O+n9uJyvKnHyO1jOvk/EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwxEn/7wP/8tG+5yrpend64+lSbRnLZ4WQzA4hbNk6tHnruo2XDnzqsss3bxxaPzC0dWB449bN2wZOfcvA5uFN64e2jd47+NZTao9bGJLaMjlmUt3dIyMjpb6JZbG+/378zt8tPePf/hzC4BG/6a/ktn/ZbRvuOLzBz4xkxci7Nlx+7m9O+3a6X31pu/oatGtkZGQk5LTr38//2x1f3vvHE0IYfN1U7Xr06Xf+bEKDxgr2x0mVukOtQd1JT8N21Fudtif2V2XtuvXDg1P37+jjyzn78T+uevava6/80t9q/VvN3Y8m+3f2ipH1pa+tOuc/v3Z1raCoXfX9yLRrpo97UX/HvYjti/1XTft7Xrpf83L2q5LT39f/6sEnf3rUjS/uCIOVFxZPrrtov7rSAdCVvL6pemMNPcmCCeXVdPt4xOPjlm3dsGnZlm3b37puw9Clw5cOb3z78lOXnz542umnLRvb82Ud3v9Y/xub3P9mx1O23umNp/mf2fHj+LO58VTUrqL+GG1XcX+Mb1He86/nvC985e23PXJuraBonMet68/DdNkzepyXh3HjbXJfNdqvon4IIQw06ofnXzwrHPmP664reh0af2TG/8xIVow8tuQv3z7jW4v+W63ggLzOj29Qi6/z9Vbvb89Yf1XT4zFykPZvdyin+9XbsF3LH3uk6+Y9f/5svX2zZoUrh7Zu3by89nNO2tI5ydEN25Utjfu1eOxnOaTdEurDtMF4HdUVau3Lvn7GzbO92pve15ssbLhfWfG+3atuXlpe/fCevJ5O7q7VODvMrS2TN+RsuT7zwHK9wY3qP1iff0Xjo/8D37r3o/f+6NRJ4+Pk2s+i/Upy9uuHT975le9+6X/9qHP79YF3Pt73l3/65NJawaHyulJvddqeZPzryskhFD3/FofG+5H7/Cs13p+i51+2nv3bN443kFnvDeXi52s1THq+nvxAz3NnP3L9ktzn695mn69XT1grFzxfD5bxk31+JZWJ7Zi559eEgZKsGPn5DYfteOialUfVCorGdX3rRuP6lCbyj5z9+tkFT/VfNvA//6Fzrxvfe8s9F/52aMXnagWtH/fYls4c92rav9Wc/q23Ouad4/v3bZdctn5NrfzgPf9NlwX5T3wp2bJt+6eH1q8f3ryluf1q9v001pPt5VbfT+Or28KC/SpN2q+Zu9FMfzX7fIvtX9Nyf018vvWGpKXzuO2/XDDnE9+/8fK+SY9KK7qolMYvtRT/92c//vwFN37nG7nxb43xKy3FH3rm0VsWH37xztz4tydp/GpL8Vfserx77r4HHsyNPxjbP7ul+E+f+f4/3PXkfc/mxq+/f/S21v8v7Dz9qf7+P+XGfyJJ6xk9RwrhnpdOWVtbT0JX+nyL7eia0K6QXU8y66XMenn8eqk211qvoJwkE8vjdmn5sePa0sjHcsrjWVh1UW35clwP2RtTlx9sSuNe+xuVF52nAgC82sXP/+M5aPz8fzg9UcqfaYD9etvMwxblxI152P75nFkT7l+Uxo+Pj/OA/W8Lg6PLawdqJ/rT/RwhPh+y85yxnhOOmxij1XnOovn3JZn12K7afHllXB6ampzXVEIT8++T65l6/j2z+8Xz4wM3TGrWwLh5q+zx60pnzBpd75Bpb2U0Qt74yM6Lxes5+ueFlWP1NTk+stfRxOOQvY4m1nNU5oWz1eto2h0fsdlTjI+xJhd/vjH5+IUp+nf/8WscLXv8pnG8q6Pbz/Tnsx2YN2z4knbg5g2b+DysQfxmPw+rz0uumLzNVPFfK/OSB/u8YSyP+1Fpcj7xoznlzcwnjp+Xy5tPjC8XsV17p2jLgWA+EXi1ivl/fI8Yzf9HT8D/I7Nd0Xlo9qwxxsu9TqjcuD1Fecfk6/R6WnofX71r0xe7+/edkHue82Cz1/1smrDWU3DdT1E/Ls2sF/ZjzgRNUb6Xraeo37PXZfSGuS31+507bnvHHfNvOiu331fW3kiL+/0rE9bmFvT7IZAvNI7/assXXMcwMX7Y3/9hBufPXrF8JL3waabykY/k3D/d6xt6Jt2o79eYQy4f6Tqw7QIADh0x/69/fpbm//8cN0jPI4ry1hMz6zFebt6ac36Sl7d+KF1emdm+N/2NiumeN59z/P3Xzdl33zG5ecvtzeah/3vCWl9hHtpe3pybR6zszPXiuXlEPc9qL0/MbX89T2wvT8+NX8/T28ujc/unnke3Nw+QG78+D3Co57kF83WZyuJqs/N1M30dykzn0dkEtJ4vp78+O1N59Hk55dPNo3sn3aiRRwMAHBxi/h9P42L+/0hmu3Y/Z8/NCzp03p79eyD1+E8cqLxypvO+mc5bZzqvn+l5iUM9L57peaGZnSd7xT5fPljy4rRSeTEAAAezmP/PTtfz8//28pNG+VvXhPxEft4wvvz8IMnPD/X5L/m/z8WLyf8BAF7dYv4frzqNf//v/6br2b9b/2rM07uaiC9Pl6eHA5Knd36eLbgO4JWdB5i9f3vzAAAAvBK6xjKlyb9n//F0mf09+7zfy78gZ/tmVdLT44u3bh4evvDyTWuGtg5fuPGyNcNbLrxi87qtW4c31rZrN2/MzVvSvLErVNL+aLxdNm+bn/49hPk5fw8hu30Me/TYjcl/DyFb7eyCvyOw//g1196841eaYvtG4yPveOfF/1jO9lH9+F/yyZMvXLvlwnUb121dN7R+3fbhiduNZq090/jezNgt0/q+1MyPSUrT//7OzrSjNKkdXWl/5H0/e5Jpx4K0JQvyvv8gp92/+P9f/szxI3+7K4TBI8pvaKv/khUj/+f84Q9t3fObTaPtnz1l++tbpu0q+r7S7PZxfyrrL9uy9aS1l12+MfuNkq2J8xml+voMzWekT/9yk/MTq3PKp3udQnnSjYNT0/MTAABMED//j+ez8fPDL6UnULG8+Ty9vc+Pc/P0weby9Oz3khXl6dnt4/42m6dX28zTs/UX5emNtm+Up+fl3XnxP5Kz/XQ1P07au84jd5xc1Nw4yX6fQdE4yW4/3XGStDlOsvUXjZNG2zcaJ3nHPS/+h3O2z9P8eGjv92dyx8OtzY2HN2fWi8ZDdvuYizY7Hkptjods/UXjodH2jcZD3vHNi39uzvbNmjg+RgfG2LgYvvCKyzZ/etx2M/39F+23b2a//6NVzbd/Zq/7mvn2z+x1ZTPf/vauK8tt/xPtzYQ13/6Z/X6XVh2w+dr0YrOi68+K5nFX5ZRPdx531qQbByfzuPDKifl//Lgn5v83pctOfwx06H9Pmu8xaxi/fv39zJ7HeD+forKDgPdzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOZ0VxaNLfdcv2XfuUe97xefH37pmg/+ZMO1b7rqe38cuOQ9P7+757sv715z7NrfvvewS+7/1Fm7bvvmQy/OvffvzxQG7hv7WTkxXa2GkDyXhFD96d6vfmH3Y0eOliUhhHLStyOEBcnChxYkmQiDfw0hrKm3c+Kd97x0ytrR5bU3dU8on58Jkt2v0FuO7RnfzhCuLNwjDkHVdJxt33fFSeF371513a8W//AHXTuf3bF/k6Q6bjyFMO+i8Y/vCiHMTv+PiqNtUXxwulwZQugZ97gzCtp1XJPtX5azfnS6nJUuewvixPuXZNZLme2y61FXZtlTUF+78trR6nZF5mTWsy9G7cprZyxfkC5/nC5PnGb8cvyfhFISKvXmr0/2j5Ew7rglIRk7ltX6eql+bEO6/5n1JLNeyqyXuzL7NVZvOtDKSTKxPG6XKY8vx5W0/Njxr9UNnJdT/vp0WU2fqC/H9ZC9UdM76UZ9v8bEdu2doi0HQmnca1Cj8vqBTw9Gb1rWmyyc9JiRBuJ9u1fdvLS8+uE9fTntSO5O0vhJS/G3/3LBnE98/8bLF+XFv6iUxi+1FP/3Zz/+/AU3fucbufFvjfHLLcU/+YGe585+5Poluf2zN/ZPpcn41Qnxh5559JbFh1+8M7f9t8f41SnjZ2uJ963Y9Xj33H0PPJjb/sHYP7Nb6p+nz3z/H+568r5nc+OHGL+npfird236Ynf/vhNy4z8Y+6e3tfHzws7Tn+rv/9NAXvwnYvy5LcW/c8dt77hj/k1n5R7flbF/+lqKf87x9183Z999x+S9dia3d+qdE+C16bD0HOuGdL3VPLNd4/KFrw9Uaud8c9L/cztZUcZoPfNmMD4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK9Ov7761I+f/64Pr6okISQ524w0EO8rz1qxYqCFeoeeefSWxYdfvHN82aIW4gAAAADFYh5eqpdUw6JwRTI7HN1w+zhHcHRcSyaWZ+cQYpzsHEGrcUodilPuUJxKh+J0dSjOrA7F6e5QnGpBnGpoLs7sKeJURkdFk+3pmbI9zcfp7VCcOR2KM7dDceZ1KM78DsXpmzJO8+NwQYfiLOxQnMM6FOfwDsU5okNxXtehOEd2KE52Tnm643BuuuVReXHGbpQL41SScv2ORvPpR6b1HNNmPb0F9cwtej9usp7ZTdZzXOZxpWnWU22ynje2WU/SZD1vbrOeUkE9cdxemW1frCeuNTn+t3Uozvb24vxrPN+6qkPtubpDcT7boTif61Cca9qMA9CsmP+n+V49zepJX3GyswAx31089nPy+13eC1KM94ZM+ayieNlEPRNv8XTbl51AyMRbkinvmhCvUs9HpohXHR9vaebOwv3NTihk2ndipry7KF52YgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZtCvrz714+e/68OrQhJG/zU00kC8rzxrxYqBFurdvermpeXVD+8ZX9ZdaSEQAAAAUCjm4V31kmroriwP3cmsCdtV03mAarpe7htbnNo/L6wcvZEMlMYKepIFUz6uUntcWLZ1w6ZlW7Ztf+u6DUOXDl86vPHty09dfvrgaaeftmztuvXDg7WfIXQXxAshjE0/bNm2/dND69cPb95SK8y2f1H6uEXpepI+rv9tYXB0eW3a/oUF9ZUm1bftqTNrd+0v6dCNomMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf7NpdjJxV/Qfw88zMzgwL/bP/8DY0dDvpC6lKtK2LKUrYJzGRBNqmGxIzi66kkTYSt7SBllQcoYmAbTQmkMamphfWVAJIvOFFiJGXNKnBahO3NgaIcqEXGlBMIb0wJWO6O2d2Znams46EQv18Lp5n5pzfOb85c7HJ99kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD9pUdWSiMjo2PpiEkHSpqXUQ57L5NC330ffLz2/7fmH41IrmsUKuj40AAACAnmIOH2iMFEMhlw3ZcOX0uyVnLvn6RJjN/QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwP+eqerIRGV0bPzCJISkS02tgziXzadpuY++b7zz5GdeHR7+a/NYqY99AAAAgN5iDs80RoqhFJaGgeTKlrr4bGBh2/r2urjPonnWtT876Fa3dJ51V8+p+8Fjneo+1mO/9fX7zgAAAAAffTH/5xojQ6GQW9A1//fK9bFucVtdtn7v57cCAAAAwH8n5v9CY6QUCrlSI6/PN+8vaauL63v93z6uX95l/dz/57euX1e/+z89AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHx0TFVHJiqjY+PZJISkS02tgziXzadpuY++q18Y/PvNhx9c0jxWyPWxEQAAANBTzOGz0bsYCrnBMBAunM79wzceePqLTz87EkKYifn5fNi5cfv2u1bPXGPdqqOHB7535K1vNbaJdatmrufkcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPtqqjoyURkdG78gCSHpUlPrIM5l82la7qPv65/7wp8fP/Hcm81jpT72AQAAAHqLOXw2+xdDKeRDPlw+/a4565+RaVvf7ZkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcP64+xv3fn3j5OSmu7zwwgsvGi/O9V8mAADg/bY4JKH2H7piw7n+1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIfBVHVkojI6Nl5MQki61NQ6iHPZfJqW++ibPn+ssODUCy81j5X62AcAAADoLebw2exfDKUwEAbCZdPvOj0TmM7/Qx/ghwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+VKaqIxOV0bHxBUkISZeaWgdxLptP03IffR/dtf+zhy7+7k3NY4VcHxsBAAAAPcUcnm+MFEMh9/FQCFfV30+2Lkiy9Xvn5wKz67a1LBuc97pqy7rsvNftbjtZrn6amXXFuN/QzL2xrjx3XblpXSk02pdb1oW9LasW9PicAQAAAM6hmP8LjZGhUMgVmnLuYy31Q3IuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANDFVHVkojI6Np4kISRdamodxLlsPk3LffS99zf/f9FXfrpnR/NYqY99AAAAgN5iDp/N/sVQCovC/4VF07k/DLXWx7p/VE4feuSff1kRwsrLjw/n2rf9UXzxq9dveLH9EkKmtToTwsVh0fSThqRLv1//7pF7ltVOPx7CysuyV83pF87er3XLtPZMZdO67UeOb+vx5QAAAMB5Iub/gcbIUCjk7uya/2Py7pH/G6YD+MX37Pr5pfVrPZG3rcgM1ftluvT7/LIn/7R8zd/eOpP/z9bvU/u3HLq0peHMSJskrY1u2bH++LUHM/HUM/2zbf3j9/Klb775r807Hz49078YivXxhblO/ede21yQ1iYz+8bXvrev2to/1+X8D/72pRO/XLjn3TP931k82Oh/9VnOf/b+g7c8tPe6/YfXt/YPIZQ79X/73ZvCFX+444H28w+2bdz8zTdf2yRp7eiSkwfXHChd39o/aesfv/+fnXh0708e/s6zsX/8rciKpfPtn2nr/8ruS3a9fP+Gha39M13O/+Ktrw5vLX/79+3nv71l11zXTzH3/E9c89Rtr21M72ufAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOL9MVUcmKqNj45kkhKRLTa2DOJfNp2m5j75v3Hzs7Vv3/PiHzWOlPvYBAAAAeos5fDb7F0Mp5EM+DE7n/mcqm9ZtP3J8WxiamU3q99zk1ru3f2Lz1h133n6OPjkAAAAwXzH/56bfJSGEoVDILQsD9fw/umXH+uPXHszE/J+J+X/zHZObVoZG3Su7L9n18v0bFjaeE4Qw/bOA4pm6T8/W3XjDsaGTf/za8o51q2frji45eXDNgdL1sS40160KjecTT1zz1G2vbUzva3y+5rpPfnXrZP3xRNx38JaH9l63//D6xjnq98H6vrFuMrNvfO17+6qxLlu/F+vnBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmmqqOTFRGx8ZDNoSkS02tgziXzadpuY++a5f94oGLTj23qHmskOtjIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+zQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX26yc0jiqOA/h7u4nZZpM2aQWjYppWRakHi4KIXqKoSCtS8FQpUm3tQRQEEaUeTKUVS1W8CFYvRVRQoxQUbCyWVknFf8WLBxUUqgehFAPaUDyoZPNmu5nsuHVSBe3nA5u3783Md34z7+1sFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA/padrqNEe3vHQ9O0X3PzpE/eeePzW9x/Ydtljb/w4sunGT/b2vnpycvOKLd/ctGzT/vvWTOx+6dCv/e/+frRj8KOzzarUrYUQj8cQah9MPf/k5GfnzYzFEEI1DoyFMBiXHhqMuYTVv4UQNjfrnLvxnRNXb5lpt+3qmTO+JBeSv65Qr2b1zBqYWy//L7W0zrZOP3JF+O6G9du/WP72W93jx8ZO7RJrLesphMUbW4/vDiEsSq8Z2Wobyg5O7boQQm/Lcdd2qOvi06z/yoL+hak9J7X1DjnZ9pW5fiW3X76f6c61vR3Ot1BFdZTdr5O+XD//MFqoojqz8cHUvpfaVX8zv5q9YqjE0NUs//54ao2ElnmLITbmstbsV5pzG9L15/ox16/k+tXu3HU1zpsWWjXGuePZfrnx7HHclcZXtD6r27ijYPz81NbSB/Vk1g/5N7Pq8940r6shq2vqL2r5N1RankHtxpsTnyajnsbqcem8Y/5oI9s2uf7pS6sbPjw8UFBH3BtTfjyN/NF5+Vs/H+y7682dDw8V5W+spPxKqfq/X3vk5zt3vvxiYf5zWX61VP5VB3qPr/1ox8rC+zOV3Z+uUvl3H/34meXn3jPebq4b+Xuy/Fqp/NGJIz390wcOFta/Ors/i0rlf3v9LT+8/tW+Y4X5IcvvLZW/YeLBZ3uGpy8vzD84+1GoN1ZoifXzy/g1Xw8P/zRSlP9ldv/72+THjvmvje2+7pUlu9YUrs912f0ZKFX/bZfs3943ve+iomdn3HOmvjkBzk7L0v9YT6V+2d+ZC9Xye+GFka7Zb6C+9Oo/kydqGm38nTnP4n8kHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2YEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgLMCAAD//4R2H7U=")
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@bridge_getvlan={0x18}, 0x18}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r7, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x44}}, 0x0)
madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000046000200000000001000f4ff00000000050001080000000050000000000000009500000000000000bfa48f94b4"], &(0x7f0000000180)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

[   85.988807][ T5317] Bluetooth: hci0: command tx timeout
[   86.461864][ T5340] loop0: detected capacity change from 0 to 32768
[   86.615529][ T5340] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,read_only,nocow
[   86.615551][ T5340]   allowing incompatible features above 0.0: (unknown version)
[   86.615558][ T5340]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   86.636035][ T5340] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[   86.640242][ T5340] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing
[   86.646977][ T5340] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key POS_MIN durability: 0 crc: c_size 1 size 1 offset 0 nonce 0 csum none 12010b:10004000b  compress none
[   86.646991][ T5340]   has non ptr field, deleting
[   86.658832][ T5340] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   86.661968][ T5340] bcachefs (loop0): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[   86.661968][ T5340] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[   86.661968][ T5340]   running recovery passes: check_extents_to_backpointers,check_inodes
[   86.729991][ T5340] bcachefs (loop0): btree node read error at btree alloc level 0/0
[   86.730018][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 7
[   86.730025][ T5340]   node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0
[   86.730032][ T5340]   loop0 node offset 16/24 bset u64s 0: unsupported bset version 0.0
[   86.730036][ T5340]   flagging btree alloc lost data
[   86.730040][ T5340]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[   86.730045][ T5340]   running recovery pass check_allocations (8), currently at recovery_pass_empty (0)
[   86.730051][ T5340]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[   86.730055][ T5340]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[   86.730060][ T5340]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[   86.730064][ T5340]   ret btree_node_read_err_incompatible
[   86.788715][ T5340] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[   86.809657][ T5340] bcachefs (loop0): check_topology... done
[   86.813227][ T5340] bcachefs (loop0): accounting_read... done
[   86.818571][ T5340] bcachefs (loop0): alloc_read... done
[   86.821462][ T5340] bcachefs (loop0): snapshots_read... done
[   86.826170][ T5340] bcachefs (loop0): check_allocations...
[   86.829188][ T5340] bcachefs (loop0): bucket 0:34 data type user ptr gen 0 missing in alloc btree
[   86.829224][ T5340]   while marking u64s 7 type extent 3746994889972256771:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, fixing
[   86.849043][ T5340] bcachefs (loop0): bucket 0:34 gen 0 different types of data in same bucket: journal, user
[   86.849058][ T5340]   while marking u64s 7 type extent 3746994889972256771:8:U32_MAX len 8 ver 0: durability: 1 crc: c_size 8 size 8 offset 0 nonce 0 csum none 0:0  compress incompressible ptr: 0:34:0 gen 0, fixing
[   86.866651][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   86.866666][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0, fixing
[   86.879391][ T5340] bcachefs (loop0): bucket 0:27 data type btree ptr gen 0 missing in alloc btree
[   86.879407][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0, fixing
[   86.895748][ T5340] bcachefs (loop0): bucket 0:27 gen 0 different types of data in same bucket: journal, btree
[   86.895763][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0, fixing
[   86.909240][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   86.909255][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[   86.923021][ T5340] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree
[   86.923040][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[   86.935527][ T5340] bcachefs (loop0): bucket 0:38 gen 0 different types of data in same bucket: journal, btree
[   86.935542][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[   86.949627][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   86.949646][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[   86.961802][ T5340] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree
[   86.961818][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[   86.973212][ T5340] bcachefs (loop0): bucket 0:41 gen 0 different types of data in same bucket: journal, btree
[   86.973227][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[   86.987414][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   86.987430][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[   87.000024][ T5340] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree
[   87.000041][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[   87.012567][ T5340] bcachefs (loop0): bucket 0:35 gen 0 different types of data in same bucket: journal, btree
[   87.012581][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[   87.025855][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   87.025873][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[   87.037235][ T5340] bcachefs (loop0): bucket 0:32 data type btree ptr gen 0 missing in alloc btree
[   87.037251][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[   87.049366][ T5340] bcachefs (loop0): bucket 0:32 gen 0 different types of data in same bucket: journal, btree
[   87.049381][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[   87.061627][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   87.061644][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing
[   87.073896][ T5340] bcachefs (loop0): bucket 0:28 data type btree ptr gen 0 missing in alloc btree
[   87.073910][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing
[   87.103971][ T5340] bcachefs (loop0): bucket 0:28 gen 0 different types of data in same bucket: journal, btree
[   87.103989][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing
[   87.118382][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   87.118398][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[   87.130696][ T5340] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree
[   87.130710][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[   87.141911][ T5340] bcachefs (loop0): bucket 0:29 gen 0 different types of data in same bucket: journal, btree
[   87.141927][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[   87.161583][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   87.161601][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing
[   87.173526][ T5340] bcachefs (loop0): bucket 0:37 data type btree ptr gen 0 missing in alloc btree
[   87.173539][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing
[   87.188560][ T5340] bcachefs (loop0): bucket 0:37 gen 0 different types of data in same bucket: journal, btree
[   87.188575][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0, fixing
[   87.200824][ T5340] bcachefs (loop0): btree ptr not marked in member info btree allocated bitmap
[   87.200842][ T5340]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[   87.213683][ T5340] bcachefs (loop0): bucket 0:42 data type btree ptr gen 0 missing in alloc btree
[   87.213698][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[   87.227891][ T5340] bcachefs (loop0): bucket 0:42 gen 0 different types of data in same bucket: journal, btree
[   87.227907][ T5340]   while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 1db8f60c84bb244c written 8 min_key POS_MIN durability: 1 ptr: 0:42:0 gen 0, fixing
[   87.250024][ T5340]  done
[   87.252001][ T5340] bcachefs (loop0): going read-write
[   87.394004][ T3021] bcachefs (loop0): u64s 13 type alloc_v4 0:25:0 len 0 ver 0: 
[   87.394029][ T3021]     gen 0 oldest_gen 0 data_type journal
[   87.394036][ T3021]     journal_seq_nonempty 0
[   87.394041][ T3021]     journal_seq_empty    0
[   87.394048][ T3021]     need_discard         0
[   87.394053][ T3021]     need_inc_gen         0
[   87.394060][ T3021]     dirty_sectors        256
[   87.394066][ T3021]     stripe_sectors       0
[   87.394072][ T3021]     cached_sectors       0
[   87.394078][ T3021]     stripe               0
[   87.394083][ T3021]     stripe_redundancy    0
[   87.394089][ T3021]     io_time[READ]        0
[   87.394094][ T3021]     io_time[WRITE]       0
[   87.394100][ T3021]     fragmentation     0
[   87.394105][ T3021]     bp_start          8
[   87.394111][ T3021]   
[   87.394116][ T3021]   incorrectly set at freespace:0:25:0 (free 0, genbits 0 should be 0), fixing
[   87.398620][ T5340] bcachefs (loop0): journal_replay...
[   87.442578][ T3021] bcachefs (loop0): u64s 13 type alloc_v4 0:30:0 len 0 ver 0: 
[   87.442594][ T3021]     gen 0 oldest_gen 0 data_type journal
[   87.442601][ T3021]     journal_seq_nonempty 0
[   87.442607][ T3021]     journal_seq_empty    0
[   87.442613][ T3021]     need_discard         0
[   87.442619][ T3021]     need_inc_gen         0
[   87.442625][ T3021]     dirty_sectors        256
[   87.442631][ T3021]     stripe_sectors       0
[   87.442637][ T3021]     cached_sectors       0
[   87.442642][ T3021]     stripe               0
[   87.442648][ T3021]     stripe_redundancy    0
[   87.442653][ T3021]     io_time[READ]        0
[   87.442656][ T3021]     io_time[WRITE]       0
[   87.442660][ T3021]     fragmentation     0
[   87.442664][ T3021]     bp_start          8
[   87.442669][ T3021]   
[   87.442674][ T3021]   incorrectly set at freespace:0:30:0 (free 0, genbits 0 should be 0), fixing
[   87.493931][ T3021] ==================================================================
[   87.497997][ T3021] BUG: KASAN: slab-use-after-free in bch2_bucket_alloc_trans+0x1aa0/0x2410
[   87.501721][ T3021] Read of size 8 at addr ffff88803ffe5920 by task kworker/u4:11/3021
[   87.505387][ T3021] 
[   87.506584][ T3021] CPU: 0 UID: 0 PID: 3021 Comm: kworker/u4:11 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[   87.506602][ T3021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.506616][ T3021] Workqueue: btree_node_rewrite async_btree_node_rewrite_work
[   87.506644][ T3021] Call Trace:
[   87.506653][ T3021]  <TASK>
[   87.506660][ T3021]  dump_stack_lvl+0x189/0x250
[   87.506756][ T3021]  ? __virt_addr_valid+0x1c8/0x5c0
[   87.506786][ T3021]  ? rcu_is_watching+0x15/0xb0
[   87.506824][ T3021]  ? __kasan_check_byte+0x12/0x40
[   87.506837][ T3021]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.506854][ T3021]  ? rcu_is_watching+0x15/0xb0
[   87.506873][ T3021]  ? lock_release+0x4b/0x3e0
[   87.506911][ T3021]  ? __virt_addr_valid+0x1c8/0x5c0
[   87.506924][ T3021]  ? __virt_addr_valid+0x4a5/0x5c0
[   87.506937][ T3021]  print_report+0xd2/0x2b0
[   87.506955][ T3021]  ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[   87.506971][ T3021]  kasan_report+0x118/0x150
[   87.506985][ T3021]  ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[   87.507003][ T3021]  bch2_bucket_alloc_trans+0x1aa0/0x2410
[   87.507027][ T3021]  ? bch2_bucket_alloc_trans+0xcb4/0x2410
[   87.507047][ T3021]  ? __pfx_bch2_bucket_alloc_trans+0x10/0x10
[   87.507068][ T3021]  ? bch2_bucket_alloc_trans+0xcb4/0x2410
[   87.507086][ T3021]  ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[   87.507105][ T3021]  bch2_bucket_alloc_set_trans+0x5a6/0xe70
[   87.507123][ T3021]  ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[   87.507141][ T3021]  ? __open_bucket_add_buckets+0x783/0x1e40
[   87.507163][ T3021]  __open_bucket_add_buckets+0x1437/0x1e40
[   87.507190][ T3021]  open_bucket_add_buckets+0x2ee/0x440
[   87.507209][ T3021]  bch2_alloc_sectors_start_trans+0xd26/0x1e80
[   87.507228][ T3021]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   87.507301][ T3021]  bch2_btree_reserve_get+0x641/0x1810
[   87.507323][ T3021]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   87.507338][ T3021]  ? __pfx_bch2_btree_reserve_get+0x10/0x10
[   87.507357][ T3021]  ? __pfx___bch2_disk_reservation_add+0x10/0x10
[   87.507376][ T3021]  ? bch2_btree_update_start+0xadb/0x1dc0
[   87.507396][ T3021]  bch2_btree_update_start+0x147e/0x1dc0
[   87.507414][ T3021]  ? bch2_btree_path_traverse_one+0x91e/0x21d0
[   87.507438][ T3021]  ? bch2_btree_node_rewrite+0x17e/0x1120
[   87.507458][ T3021]  ? __pfx_bch2_btree_update_start+0x10/0x10
[   87.507481][ T3021]  ? bch2_btree_path_traverse_one+0x91e/0x21d0
[   87.507501][ T3021]  ? async_btree_node_rewrite_work+0x1e1/0x840
[   87.507522][ T3021]  ? bch2_btree_iter_peek_node+0x566/0xbe0
[   87.507534][ T3021]  ? bch2_btree_iter_verify+0x1d/0x360
[   87.507554][ T3021]  bch2_btree_node_rewrite+0x17e/0x1120
[   87.507578][ T3021]  async_btree_node_rewrite_work+0x370/0x840
[   87.507603][ T3021]  ? __pfx_async_btree_node_rewrite_work+0x10/0x10
[   87.507636][ T3021]  ? async_btree_node_rewrite_work+0x1d2/0x840
[   87.507651][ T3021]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.507663][ T3021]  ? process_scheduled_works+0x9ef/0x17b0
[   87.507712][ T3021]  ? process_scheduled_works+0x9ef/0x17b0
[   87.507731][ T3021]  process_scheduled_works+0xae1/0x17b0
[   87.507757][ T3021]  ? __pfx_process_scheduled_works+0x10/0x10
[   87.507779][ T3021]  worker_thread+0x8a0/0xda0
[   87.507799][ T3021]  kthread+0x70e/0x8a0
[   87.507817][ T3021]  ? __pfx_worker_thread+0x10/0x10
[   87.507836][ T3021]  ? __pfx_kthread+0x10/0x10
[   87.507847][ T3021]  ? _raw_spin_unlock_irq+0x23/0x50
[   87.507862][ T3021]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.507879][ T3021]  ? __pfx_kthread+0x10/0x10
[   87.507892][ T3021]  ret_from_fork+0x3fc/0x770
[   87.507926][ T3021]  ? __pfx_ret_from_fork+0x10/0x10
[   87.507946][ T3021]  ? __pfx_kthread+0x10/0x10
[   87.507960][ T3021]  ret_from_fork_asm+0x1a/0x30
[   87.507974][ T3021]  </TASK>
[   87.507978][ T3021] 
[   87.679121][ T3021] Allocated by task 3021:
[   87.681088][ T3021]  kasan_save_track+0x3e/0x80
[   87.683236][ T3021]  __kasan_kmalloc+0x93/0xb0
[   87.685388][ T3021]  __kmalloc_node_track_caller_noprof+0x271/0x4e0
[   87.688646][ T3021]  krealloc_noprof+0x124/0x340
[   87.691125][ T3021]  __bch2_trans_kmalloc+0x26c/0xc80
[   87.693604][ T3021]  bch2_alloc_sectors_start_trans+0x1d59/0x1e80
[   87.696377][ T3021]  bch2_btree_reserve_get+0x641/0x1810
[   87.698574][ T3021]  bch2_btree_update_start+0x147e/0x1dc0
[   87.701167][ T3021]  bch2_btree_node_rewrite+0x17e/0x1120
[   87.704234][ T3021]  async_btree_node_rewrite_work+0x370/0x840
[   87.707239][ T3021]  process_scheduled_works+0xae1/0x17b0
[   87.709642][ T3021]  worker_thread+0x8a0/0xda0
[   87.711789][ T3021]  kthread+0x70e/0x8a0
[   87.713632][ T3021]  ret_from_fork+0x3fc/0x770
[   87.715897][ T3021]  ret_from_fork_asm+0x1a/0x30
[   87.718846][ T3021] 
[   87.720159][ T3021] Freed by task 3021:
[   87.721912][ T3021]  kasan_save_track+0x3e/0x80
[   87.724000][ T3021]  kasan_save_free_info+0x46/0x50
[   87.726228][ T3021]  __kasan_slab_free+0x62/0x70
[   87.728463][ T3021]  kfree+0x18e/0x440
[   87.730406][ T3021]  krealloc_noprof+0x1cd/0x340
[   87.732840][ T3021]  __bch2_trans_kmalloc+0x26c/0xc80
[   87.735539][ T3021]  __bch2_trans_subbuf_alloc+0x2da/0x460
[   87.738021][ T3021]  bch2_trans_log_str+0xd5/0x3c0
[   87.740221][ T3021]  __bch2_fsck_err+0xc11/0xfb0
[   87.742445][ T3021]  bch2_check_discard_freespace_key+0x71b/0xce0
[   87.745519][ T3021]  bch2_bucket_alloc_trans+0x1333/0x2410
[   87.748529][ T3021]  bch2_bucket_alloc_set_trans+0x5a6/0xe70
[   87.751177][ T3021]  __open_bucket_add_buckets+0x1437/0x1e40
[   87.753737][ T3021]  open_bucket_add_buckets+0x2ee/0x440
[   87.756137][ T3021]  bch2_alloc_sectors_start_trans+0xd26/0x1e80
[   87.758911][ T3021]  bch2_btree_reserve_get+0x641/0x1810
[   87.761615][ T3021]  bch2_btree_update_start+0x147e/0x1dc0
[   87.764604][ T3021]  bch2_btree_node_rewrite+0x17e/0x1120
[   87.767279][ T3021]  async_btree_node_rewrite_work+0x370/0x840
[   87.769999][ T3021]  process_scheduled_works+0xae1/0x17b0
[   87.772419][ T3021]  worker_thread+0x8a0/0xda0
[   87.774492][ T3021]  kthread+0x70e/0x8a0
[   87.776424][ T3021]  ret_from_fork+0x3fc/0x770
[   87.778880][ T3021]  ret_from_fork_asm+0x1a/0x30
[   87.781432][ T3021] 
[   87.782565][ T3021] The buggy address belongs to the object at ffff88803ffe5800
[   87.782565][ T3021]  which belongs to the cache kmalloc-512 of size 512
[   87.788855][ T3021] The buggy address is located 288 bytes inside of
[   87.788855][ T3021]  freed 512-byte region [ffff88803ffe5800, ffff88803ffe5a00)
[   87.795788][ T3021] 
[   87.797251][ T3021] The buggy address belongs to the physical page:
[   87.800509][ T3021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ffe4
[   87.804645][ T3021] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   87.808817][ T3021] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[   87.812523][ T3021] page_type: f5(slab)
[   87.814419][ T3021] raw: 04fff00000000040 ffff88801a441c80 dead000000000122 0000000000000000
[   87.817890][ T3021] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[   87.822233][ T3021] head: 04fff00000000040 ffff88801a441c80 dead000000000122 0000000000000000
[   87.826363][ T3021] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[   87.830289][ T3021] head: 04fff00000000001 ffffea0000fff901 00000000ffffffff 00000000ffffffff
[   87.833800][ T3021] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   87.838198][ T3021] page dumped because: kasan: bad access detected
[   87.841162][ T3021] page_owner tracks the page as allocated
[   87.843633][ T3021] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5340, tgid 5338 (syz.0.0), ts 87258090925, free_ts 86586281664
[   87.853333][ T3021]  post_alloc_hook+0x240/0x2a0
[   87.855568][ T3021]  get_page_from_freelist+0x21e4/0x22c0
[   87.857982][ T3021]  __alloc_frozen_pages_noprof+0x181/0x370
[   87.861100][ T3021]  alloc_pages_mpol+0x232/0x4a0
[   87.863840][ T3021]  allocate_slab+0x8a/0x3b0
[   87.866045][ T3021]  ___slab_alloc+0xbfc/0x1480
[   87.868038][ T3021]  __kmalloc_noprof+0x305/0x4f0
[   87.870043][ T3021]  __alloc_workqueue+0x103/0x1b70
[   87.872153][ T3021]  alloc_workqueue+0xd4/0x210
[   87.874362][ T3021]  __bch2_fs_read_write+0x295/0x830
[   87.876990][ T3021]  bch2_fs_read_write_early+0x26/0x40
[   87.879733][ T3021]  __bch2_run_recovery_passes+0x392/0x1010
[   87.882352][ T3021]  bch2_run_recovery_passes+0x184/0x210
[   87.884845][ T3021]  bch2_fs_recovery+0x25fd/0x3950
[   87.887114][ T3021]  bch2_fs_start+0xa99/0xd90
[   87.889383][ T3021]  bch2_fs_get_tree+0xb02/0x14f0
[   87.891566][ T3021] page last free pid 5308 tgid 5308 stack trace:
[   87.894281][ T3021]  __free_frozen_pages+0xc71/0xe70
[   87.896690][ T3021]  __put_partials+0x161/0x1c0
[   87.898965][ T3021]  put_cpu_partial+0x17c/0x250
[   87.901265][ T3021]  __slab_free+0x2f7/0x400
[   87.903356][ T3021]  qlist_free_all+0x97/0x140
[   87.905545][ T3021]  kasan_quarantine_reduce+0x148/0x160
[   87.908003][ T3021]  __kasan_slab_alloc+0x22/0x80
[   87.910104][ T3021]  __kmalloc_cache_noprof+0x1be/0x3d0
[   87.912854][ T3021]  kernfs_fop_open+0x397/0xca0
[   87.915369][ T3021]  do_dentry_open+0xdf3/0x1970
[   87.917585][ T3021]  vfs_open+0x3b/0x340
[   87.919380][ T3021]  path_openat+0x2ee5/0x3830
[   87.921453][ T3021]  do_filp_open+0x1fa/0x410
[   87.923339][ T3021]  do_sys_openat2+0x121/0x1c0
[   87.925559][ T3021]  __x64_sys_openat+0x138/0x170
[   87.927736][ T3021]  do_syscall_64+0xfa/0x3b0
[   87.930356][ T3021] 
[   87.931706][ T3021] Memory state around the buggy address:
[   87.934172][ T3021]  ffff88803ffe5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.937696][ T3021]  ffff88803ffe5880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.941332][ T3021] >ffff88803ffe5900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.945362][ T3021]                                ^
[   87.947808][ T3021]  ffff88803ffe5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.951332][ T3021]  ffff88803ffe5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   87.954754][ T3021] ==================================================================
[   87.979471][ T3021] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   87.982693][ T3021] CPU: 0 UID: 0 PID: 3021 Comm: kworker/u4:11 Not tainted 6.16.0-rc1-syzkaller-00203-g4774cfe3543a #0 PREEMPT(full) 
[   87.988561][ T3021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   87.994016][ T3021] Workqueue: btree_node_rewrite async_btree_node_rewrite_work
[   87.997183][ T3021] Call Trace:
[   87.998675][ T3021]  <TASK>
[   87.999973][ T3021]  dump_stack_lvl+0x99/0x250
[   88.002119][ T3021]  ? __asan_memcpy+0x40/0x70
[   88.004450][ T3021]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.007081][ T3021]  ? __pfx__printk+0x10/0x10
[   88.009160][ T3021]  panic+0x2db/0x790
[   88.010857][ T3021]  ? __pfx_panic+0x10/0x10
[   88.012743][ T3021]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   88.015293][ T3021]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.018448][ T3021]  ? print_memory_metadata+0x314/0x400
[   88.021520][ T3021]  ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[   88.024363][ T3021]  check_panic_on_warn+0x89/0xb0
[   88.026514][ T3021]  ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[   88.029126][ T3021]  end_report+0x78/0x160
[   88.030926][ T3021]  kasan_report+0x129/0x150
[   88.032795][ T3021]  ? bch2_bucket_alloc_trans+0x1aa0/0x2410
[   88.035599][ T3021]  bch2_bucket_alloc_trans+0x1aa0/0x2410
[   88.037903][ T3021]  ? bch2_bucket_alloc_trans+0xcb4/0x2410
[   88.040180][ T3021]  ? __pfx_bch2_bucket_alloc_trans+0x10/0x10
[   88.042892][ T3021]  ? bch2_bucket_alloc_trans+0xcb4/0x2410
[   88.045577][ T3021]  ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[   88.048221][ T3021]  bch2_bucket_alloc_set_trans+0x5a6/0xe70
[   88.050903][ T3021]  ? bch2_bucket_alloc_set_trans+0x1eb/0xe70
[   88.053935][ T3021]  ? __open_bucket_add_buckets+0x783/0x1e40
[   88.056639][ T3021]  __open_bucket_add_buckets+0x1437/0x1e40
[   88.059094][ T3021]  open_bucket_add_buckets+0x2ee/0x440
[   88.061266][ T3021]  bch2_alloc_sectors_start_trans+0xd26/0x1e80
[   88.063935][ T3021]  ? __mutex_unlock_slowpath+0x1cd/0x700
[   88.066645][ T3021]  bch2_btree_reserve_get+0x641/0x1810
[   88.069566][ T3021]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   88.072464][ T3021]  ? __pfx_bch2_btree_reserve_get+0x10/0x10
[   88.075087][ T3021]  ? __pfx___bch2_disk_reservation_add+0x10/0x10
[   88.078006][ T3021]  ? bch2_btree_update_start+0xadb/0x1dc0
[   88.080728][ T3021]  bch2_btree_update_start+0x147e/0x1dc0
[   88.083364][ T3021]  ? bch2_btree_path_traverse_one+0x91e/0x21d0
[   88.086676][ T3021]  ? bch2_btree_node_rewrite+0x17e/0x1120
[   88.089352][ T3021]  ? __pfx_bch2_btree_update_start+0x10/0x10
[   88.092071][ T3021]  ? bch2_btree_path_traverse_one+0x91e/0x21d0
[   88.095228][ T3021]  ? async_btree_node_rewrite_work+0x1e1/0x840
[   88.097998][ T3021]  ? bch2_btree_iter_peek_node+0x566/0xbe0
[   88.101014][ T3021]  ? bch2_btree_iter_verify+0x1d/0x360
[   88.103506][ T3021]  bch2_btree_node_rewrite+0x17e/0x1120
[   88.105829][ T3021]  async_btree_node_rewrite_work+0x370/0x840
[   88.108173][ T3021]  ? __pfx_async_btree_node_rewrite_work+0x10/0x10
[   88.110829][ T3021]  ? async_btree_node_rewrite_work+0x1d2/0x840
[   88.113555][ T3021]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.115764][ T3021]  ? process_scheduled_works+0x9ef/0x17b0
[   88.118063][ T3021]  ? process_scheduled_works+0x9ef/0x17b0
[   88.120527][ T3021]  process_scheduled_works+0xae1/0x17b0
[   88.123291][ T3021]  ? __pfx_process_scheduled_works+0x10/0x10
[   88.126065][ T3021]  worker_thread+0x8a0/0xda0
[   88.128041][ T3021]  kthread+0x70e/0x8a0
[   88.129838][ T3021]  ? __pfx_worker_thread+0x10/0x10
[   88.132024][ T3021]  ? __pfx_kthread+0x10/0x10
[   88.134049][ T3021]  ? _raw_spin_unlock_irq+0x23/0x50
[   88.136747][ T3021]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.139351][ T3021]  ? __pfx_kthread+0x10/0x10
[   88.141568][ T3021]  ret_from_fork+0x3fc/0x770
[   88.143660][ T3021]  ? __pfx_ret_from_fork+0x10/0x10
[   88.145980][ T3021]  ? __pfx_kthread+0x10/0x10
[   88.148362][ T3021]  ret_from_fork_asm+0x1a/0x30
[   88.150865][ T3021]  </TASK>
[   88.152728][ T3021] Kernel Offset: disabled
[   88.154721][ T3021] Rebooting in 86400 seconds..