program:
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = perf_event_open(&(0x7f00000000c0)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = dup2(r2, r1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
getsockname$ax25(r0, &(0x7f00000001c0)={{0x3, @default}, [@bcast, @null, @rose, @rose, @netrom, @netrom, @rose, @default]}, &(0x7f0000000240)=0x48)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r7, 0x541c, &(0x7f00000000c0))
r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$bt_hci(r8, &(0x7f0000000040)={0x1, @create_conn={{0x405, 0xd}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xfffc, 0x6, 0x9, 0x7, 0x55}}}, 0x11)
close_range(r3, 0xffffffffffffffff, 0x0)
syz_mount_image$bcachefs(&(0x7f0000000000), &(0x7f0000000140)='./file1\x00', 0x8081, &(0x7f00000000c0)=ANY=[], 0xff, 0x59c7, &(0x7f0000006280)="$eJzs3X2MHOWZIPC3uns87Rl/jA0sXgjjweBdFjbxmC+RsNp493aTFbDIEass5pzAgMesE9tYtlnAsIvJQQ4ERCRKLiHJHyQi6EicCAkuwUEhfJzNJSSISw6dCLrkjuSPnAiHFcCHolzmNNP19nTXdE319PT4A34/eaa6qqufeuqtt6vrebs9HQAAAHhH2H/bjoMXn/C3P/zE6Js3/913t9wS+ssTy6txhYF0ev3hypBDqbeybGKa7Rd/euPXfzV01V//4KG+r721b8PJG3/2N8dc9djHLth775eefGPhI394uShu7E+nT84nryYhVL934HOf3Pfs8ePLkhBCOZR2h7AkWfrkkiQTYvh3IYQN6cyyzJ0Pv3nWxvHpLXf2Ni1fnFlPf39nq6b9bNfB684IP/+rdbf+ePm3vtmz55Xdk6sk1Yb+FMKiKxof3xNCmJ/+jIu9LfbH2GnXhhD6Gh53XkFep7SZ/6qc+RPT6bx02l8QJ96/IjNfyqyXnY96MtO+gu3NVl4ena5XZEFmPnsymq28POPyJen0O+n09BnGL8efJJSSUKmnvzmZ7COh4bglIZk4ltX6fKl+bEO6/5n5JDNfysyXezL7NbHdtKOVk6R5eVwvszyejivp8pMbz9UtXJKz/I/TaTV9or4V50P2Rk3/lBv1/ZoQ8zowTS6HQqnhHNRqef3ApwejP13Wnyyd8pixFuJ9+9bdtbK8/qn9Azl5JA8lafyko/i7frRkwUe/cce12df1evwrSmn8Ukfxf3Hhc69ddsdXv5gb/54Yv9xR/DMf73v1wqdvW5HbPgdi+1Q6ij/y8jN3Lz/2yj25+d8X41c7ir9m73O9Cw8+/kRu/sOxfeZ3FP+l8z/wywdfePSV3Pghxu/rKP76vds+1Tt48LTc+E/E9unvrP+8vufcFwcHfz2UF//5GH9hR/Ef2H3v++5ffOcFucd3bWyfgY7iX3TqY7cuOPjoSXnnzuS+br1yArwzHZNeY92ezndaZ85WQ73whaFK7ZpvQfqzsJsbylx8jm9nUTfjAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAI4bgz/ssH/9eHB16tpPO96Y2XSrVpXD4vhGR+CGHHzpHtOzdtvXroY9dcu33ryOahkZ1Do1t3br9h6Ow/H9o+um3zyA3j9w6/+6za45aGpDZNTpqy7d6xsbHSQPOyuL1/c+qen68873//JoTh4346WMnNf9W9W+4/tsXvjGTN2Pu3XHvxT8/5SrpfA2leAy3yGhsbGws5ef2fS39//2cO/Oq0EIb/aLq8nnnpL7/flNDEgsk4qVJvqCXUm/S1zKOedZpPbK/Kxk2bR4enb9/xx5dz9uPf3vjK7zZe/+nf19q3mrsfbbVvOcxfM7a59Pl1F/2/z99UW1SU1+E67kXtHfci5hfbr5q296J0vxbl7FclZ79u+/ETL3zvhDve2B2GK68vn7rtov3qSTtAT/LHbW03bqEvWdK0vJquH494fNyqnVu2rdpxw653b9oycvXo1aNb37v67NXnDp9z7jmrJvZ8VZf3P27/T9rc/0PTnxb/8+7vxN/t9aeivIraYzyv4vZozKhlXvPXjPVd8snPvvfepy+uLSjq53Ht+vkknfaNH+fVoaG/TW2rVvtV1A4hhKFW7TBp+vNQ45Fp/J2RrBl7dsVvv3Lel5f9RW3BlPP8vExe3TjPNybU4Xm+nvVkPhPtVU2Px1iH7fvaGxeE4//7plvnqn17Qzndr/6Wea1+9umeu/b/5l/q+c2bF64f2blz++ra7wVppguSE1vmlV0a92v5xO9ySJsl1Ltpi/46rifU8sueP+Pq2VbtT+/rT5a23K+seN++dXetLK9/an9eSycP1bY4PyysTZN35ay5OfPAcj3hVtvv9Pl3uPvH4Ae//MiHH/n22VP6x5m130X7leTs17deeOCzX/v0v/929/brg3/53MBv/8c/rawtOCTXj7M5r5RridSzTvNJGs8rZ4ZQ9PxbHlrvR+7zr9R6f4qef9ntTK7fOt5QZr4/lDt6vp75eN+rFz5924rc5+uBdp+vNzXNlQuer0dK/8k+v5JKcx5z9/xq6ijJmrEf3H7M7idvXntCbUHR62V97Vb9+qw26o+c/fr+ZS8OXjP07/5b984bX//zhy//2ciaf60t6Py4x1y6c9yraftWc9q3nnWsOxvb9z1XXbN5Q235kXv9m04L6p94Ktlxw66Pj2zePLp9R3v71e7radxOtpU7fT2NZ7elBftVmrJfc3ejnfZq9/kW89/QcXs1P9/6Q9LR68KuHy1Z8NFv3HHtwJRHpRu6opTGL3UU/xcXPvfaZXd89Yu58e+J8SsdxR95+Zm7lx975Z7c+PclafxqR/HX7H2ud+HBx5/IjT8c85/fUfyXzv/ALx984dFXcuOHGL+/s/Z/fc+5Lw4O/jo3/vNJup3xa6QQHn7zrI21+ST0pM+3mEdPU14hO59k5kuZ+XLjfCmWqOkGyknSvDyuly4/uSGXVv4xZ3m8Cqsuq03fivMhe2P65UeaUsO5v25gcnnRdSoAwNtdfP8/XoPG9/9H0wul/JEGmDTbOmxZTtxYh02O58xrun9ZGn9ZWpjEccDB94Th8ektQ7UL/Zm+jxCfD9lxzpjnaac0x+h0nLOnYPx9RWY+5lUbL6801KGpqXVNJbQx/j51O9OPv2d2v3h8fOj2KWkNNYxbLZvMZ6i2/b6W+Yap+VbGI+T1j+y4WPw8x+CisHZie232j+znaOJxyH6OJm7nhMyJs83Pq0z5HE3R+zNF/SOmPU3/mEi5+P2NqccvTNO+k8evdbTs8ZvB8a6Orz/X7892Ydyw5Snt0I0bzu37YcYlc+KnT7AjfdwwLo/7UWlzPPHDOcu7NZ4YTxcxrwPT5HIotBxPDMYTgaNfrP/ja8R4/T9+Af5/M+sVXYdmrxpjvNzPCZVb51NUd0z9nF5fR6/j6/du+1Tv4MHTcq9znmj3cz/bmub6Cj73U9SOKzPzhe2YM0BTVO9lt1PU7tnPZfSHhZl2v6V+33Tt/sDue993/+I7L8ht97W1F9Lidv9s09zCgnY/CuqF1vHVC++IemGux88OWz2SfvBpruqRf8hZPtN6pG/Kjfp+TThy65HJF9KmeqTn0OYFABw9Yv1ff/8srf//Z1whvY4oqltPz8zHeLl1a871SV7d+vfp9PrM+v3p/6iY6XXzRac+duuCg4+elFu33NduHfofm+YGCuvQbN3cXr6xbh6Yl5Pv2u58Xjy3jqjXWbOrE3ProHqdOLs6PTd+vU6fXR2d2z71Onp24wC58evjAEd7nVswXpfZWJxtd7zusNTRi5r3c07q6PS/z3aljm4xxndJzn7PtI7un3KjeZOHvY5OG7ft9/XU0QDA20ys/+NlXKz/n86sN9v32XPrgi5dtw/lfAArXrfPfV0513XfXNetc13Xz/W4xNFeF89yXCgvfn1caG7HyQ7b+8vdrItbaLsuTjd61NbFKXUxAMDbW6z/56fz+fX/7OqTVvVbT1N9cvTV543rqc9z4hfW50nLrcR7j5z6/Egf/8qJXx//Uv/Paf0f50P2Rs1RU/9X1f8AAG9nsf6P/+0x/v2//5zOZ/9u/dFYpwfvo7+D3kc/2uv07o+zha58DqBqHKCFtsYB5k+uf9SMA/gcAADA20rPRKU09f/ZfySdZv+ffd7/y78sZ/12VdLL4yt3bh8dvfzabRtGdo5evvWaDaM7Lr9u+6adO0e31tabbd2YW7ekdWNPqKTt0Xq9bN22OP17CItz/h5Cdv0Y9sSJG1P/HkJ2s/ML/o7A5PHLPHB36+3nHb9STr55/SPveOfF/8ec9aP68b/qn868fOOOyzdt3bRz08jmTbtGm9cbr1r7ZvC9mUn6M6PvS838mqI08+/vjIdndnmUpuTRk7ZH3vezJ5k8lqSZLMn7/oOcvH/4Xz/zz6eO/f7BEIaPK79rVu2XrBn7T5eO/v3O/T/dNp5/adr862umeRV9X2l2/bg/lc3X7Nh5xsZrrt2a/UbJzsTxjFJ9fo7GM9Knf7nN8Yn1Octn+jmF8pQbR6a2xycAAGgS3/+P17Px/cNPpxdQcXn7dfrs3j/OrdOH26vTs99LVlSnZ9eP+9tunV7trE7vzdt+UZ3eav1WdXpe3Z0X/x9y1p+p9vvJ7D7nkdtPrmivn2S/z6Con2TXn2k/STodz8nZflE/abV+q36Sd9zz4n8oZ/08Rf2hUu8Ps/tcTm5/uKe9/vBnmfmi/pBdf6b9oTTL/pDdflF/aLV+q/6Qd3zz4l+cs367mvvHeMeY6Bejl193zfaPN6w3199/0WF+8ybzm9vv/+hU++07t5/7mvv85/ZzZXOf/+w+V5ab//OzGwlrP/9uf7/LH2r539ecfzpWmre7Uxyy8dr0TFD0+bOicdx1OctnOo47b8qNI5NxXDh8Yv0f3+6J9f+d6bTbbwMd/d+T5nvMWsbv0veYFV3HHJ7X89qzwOt5Ma/nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO3prSybmO6/bcfBi0/42x9+YvTNm//uu1tu+dMbv/6roav++gcP9X3trX0bTt74s7855qrHPnbB3nu/9OQbCx/5w8uFgQcmfldOT2erISSvJiFUv3fgc5/c9+zx48uSEEI5GdgdwpJk6ZNLkkyE4d+FEDbU82y+8+E3z9o4Pr3lzt6m5YszQbL7FfrLMZ/GPEO4vnCPOApV03626+B1Z4Sf/9W6W3+8/Fvf7Nnzyu7JVZJqQ38KYdEVjY/vCSHMT3/Gxd62LD44na4NIfQ1PO68grxOaTP/VTnzJ6bTeem0vyBOvH9FZr6UWS87H/Vkpn0F25utvDw6Xa/Igsx89mQ0W3l5xuVL0ul30unpM4xfjj9JKCWhUk9/czLZR0LDcUtCMnEsq/X5Uv3YhnT/M/NJZr6UmS/3ZPZrYrtpRysnSfPyuF5meTwdV9LlJzeeq1u4pCnj6Ir/EG9V0yfqW3E+ZG/U9E+50Rw15nVgmlwOhVLDOajV8norpAejP13Wnyyd8pixFuJ9+9bdtbK8/qn9Azl5JA8lafyko/i7frRkwUe/cce1y/LiX1FK45c6iv+LC5977bI7vvrF3Pj3xPjljuKf+Xjfqxc+fduK3PY5ENun0lH8kZefuXv5sVfuyc3/vhi/2lH8NXuf61148PEncvMfju0zv6P4L53/gV8++MKjr+TGDzF+X0fx1+/d9qnewYOn5cZ/IrZPf2f95/U95744OPjrobz4z8f4CzuK/8Due993/+I7L8g9vmtj+wx0FP+iUx+7dcHBR0/KO3cm93XrlRPgnemYMDZxjXV7Ot9pnTlbDfXCF4YqtWu+BenPwm5uKGN8O4vmMD4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9PP7np7I9c+v4PraskISQ564y1EO8rz1uzZqiD7Y68/Mzdy4+9ck/jsmUdxAEAAACKxTq8VF9SDcvCdcn8cGLL9eMYwYlxLmlenh1DiHGyYwSdxil1KU65S3EqXYrT06U487oUp7dLcaoFcaqhvTjzp4lTGe8VbebTN20+7cfp71KcBV2Ks7A7cQYWdSmfxV2KMzBtnPb74ZIuxVnapTjHdCnOsV2Kc1yX4vxRl+Ic36U42THlmfbDhemaJ+TFmbhRLoxTScr1O1qNpx+fbuekWW6nv2A7C4tej9vczvw2t3NK5nGlGW6n2uZ2/mSW20na3M6fzXI7pYLtxH57fTa/uJ0412b/v6GdOKWp92fj7OpSPjd2Kc5NXYrzL12K869dinPzLOMAtCvW/5P13kDorfxF6EvPONlRgFjvLp/4PfX1Lu+EFOO9K7N8XlG8bKGeibd8pvllBxAy8VZklvc0xavU65Fp4lUb463M3Dnd/p6/pnVujfFOzyzvnSZe0w4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCHwk5vO/sil7//QupCE8X8NdtdvjbUQ7yvPW7NmqIPt7lt318ry+qf2Ny7rrXS0CwAAAECBWIf31JdUQ29ldehN5jWtV03HAarpfHmgNh1cFNaOT5Oh0sR8X7Jk2sdV0set2rll26odN+x696YtI1ePXj269b2rz1597vA5556zauOmzaPDtd8h9BbECyFMDD/suGHXx0c2bx7dvqO2MJv/svRxy9L5JH3c4HvC8Pj0ljT/pQXbK03Z3tzdKD56AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/9m1uxC5zvIB4O+ZmZ2Zbpt/90+/pqHZDPkoUasmcSupls4BwULzQZaCzFTXEmyCxU0T2qTEOrYB25qgCC2BEMmFkVhsLd70wxaxHwQiNRpwY5C2aC70Qmm1kpZcSMpIdufMzpyd6axDadr4+12cj/d9nvc577lYeM4OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB2uqPjZRrYzXhqMQou4hmea50S6ZzObjuDxA3a88v/0HhdEzK9rHCrkBFgIAAAD6SvrwodZIMRRy2ZANV0/fLQltE2G27wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP73TNXHJqqV8drFUQhRj5hGF8lcNh/H5QHqnnr7yc++Ojr6t/ax0gDrAAAAAP0lfXimNVIMpbA0DEVXd8Ql3wYWpvLTcck6i+YZl/520Ctu6Tzjrp1n3Mf6xG1onncFAAAA+OhL+v9ca2QkFHILevb//fr6JG5xKi7bPM//twL5eUcCAAAA7y3p/wutkVIo5Eqtfn2+/f6SVFyS3+//9kn+8h75/f6fv7559n96AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjomKqPTVQr47VsFELUI6bRRTKXzcdxeYC6q18Y/sfaIw8taR8r5AZYCAAAAOgr6cNnW+9iKOSGw1C4eLrvH7354NNfevrZsRDCTJufz4ddm3bsuHv1zDGJW3XsyND3j7757Tlxq2aO522DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA+2aqPjZRrYzXLopCiHrENLpI5rL5OC4PUPf1z3/xL4+ffO6N9rHSAOsAAAAA/SV9+GzvXwylkA/5cOX0XXuvf04mld/rmwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw4bjnm/d9Y9Pk5Oa7Xbhw4aJ1cb7/MgEAAO+3xSEKjf/SVRvP91MDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBlP1sYlqZbxWjEKIesQ0ukjmsvk4Lg9QN37+eGHBmRdeah8rDbAOAAAA0F/Sh8/2/sVQCkNhKFwxfdftm8B0/z/yAT4kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8KEyVR+bqFbGawuiEKIeMY0ukrlsPo7LA9R9bPeBzx2+9Hu3tI8VcgMsBAAAAPSV9OH51kgxFHIfD4VwTfN+sjMhyjbP3b8LzOZt70gbnndevSMvO++8Pamd5Zq7mckrJuuNzJxbeeW5eeW2vFJolS935IV9HVkL+jxnAAAAgPMo6f8Lzfszc/rqn3bEj+hzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAepupjE9XKeC2KQoh6xDS6SOay+TguD1D3vt/+/yVf/dnene1jpQHWAQAAAPpL+vDZ3r8YSmFR+L+waLrvDyOd8UncP6tnDz/6r7+uCGHllSdGc+llf5Rc/Pr1m15MH0LIdEZnQri0WS/qUe83v3/03mWNs4+HsPKK7DVz6oX3rte5ZNx4prp5/Y6jJ7b3eTkAAABwgUj6/6HWyEgo5O7q1v8X2/P69P8t0w34pffu/sXlzWOzI09lZEaa9TKp/j+J+8KyJ/+8fM3f3zzX/8+t98nW1acPbD18eUfBmZGUKG5Utu7ccOL6Q5lk1zP1s6n6yXv58rfe+PeWXY+cnalfbL2MhalHmak295gqH+LGZGZ/bd27++ud9XM99v/Q7146+auFe985V//txcOt+teGbvXbd951/xfFjeFbH953w4EjGzrrhxDK3eq/9c4t4ao/3vlgev/DqYXb33z7Mf0C4saxJacPrTlYurGzfpSqn7z/n598bN9PHvnus0n95LciK5bOt34mVf+VPZftfvmBjQs762d67P/F214d3Vb+zh/S+7+jY9Vcz6eYu/8nrnvq9tc2xfenpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sU/WxiWplvJaJQoh6xDS6SOay+TguD1D31Nrjb92298c/bB8rDbAOAAAA0F/Sh8/2/sVQCvmQD8PTff8z1c3rdxw9sT2MzMxGzXNucts9Oz6xZdvOu+44T08OAAAAzNeptdF0/59rjYyEQm5ZGGr2/5WtOzecuP5QJun/M+fOUQhhy52Tm1eGVtwrey7b/fIDGxe2vhOEMP2zgOK5uM/Mxt180/GR03/6+vKucatn444tOX1ozcHSjUlcaI9bFVrfJ5647qnbX9sU3996vva4T31t22Tz80Sy7vCtD++74cCRDZnkO0bzPNxcN4mbzOyvrXt3fz2JyzbPxea+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC5pupjE9XKeC1kQ4h6xDS6SOay+TguD1B33bJfPnjJmecWtY8VcgMsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsJ+3YXGUfVxAD5nN3mzzSZ9k1YwKqZpVZR6YVEQwRsVFWlFCl5VilRbeyEKgohSL0ylFYsfeCNYvSmCghqloGBjsbRKKn4Vb7xQQaF6IZRiQLsUL1R298x2M91xdVIF9XlgOTlnZn7znzlnZrMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/yhDAxOt9vDO+xu3nHvDR4/edeKRm965d/vFD7/63dTm6z7cO/zSybktK7d+ef3yzfvvXju7+4VDP42+9cvRvsEPtZvVqVsLIR6PIdTenX/2sbmPz26OxRBCNY5NhzAelx0aj7mENT+HELZ06ly48c0TV2xtttufGFow/v9cSP66Qr2a1dM2trBe/l1qaZ1tazx4afj62g07Pl3xxuuDM8emT+0Sa13rKYSlm7qPHwwhLEmfpmy1TWQHp3Z9CGG467ir+tR1wR+s/7KC/nmp/V9q631ysu2rcv1Kbr98PzOYa4f7nG+xiuoou18/I7l+/mW0WEV1ZuPjqX07tav/ZH41+8RQiWGgU/498dQaCV3zFkNszWWt06905jak68/1Y65fyfWrg7nrap03LbRqjAvHs/1y49nreCCNr+x+V/dwa8H4OamtpQf1ZNYP+T/a6qf90bmulqyu+d+p5e9Q6XoH9RrvTHyajHoaq8dlpx3zaw/ZtrkNT15U3fje4bGCOuLemPJjqfxtn4yP3P7argcmivI3VVJ+pVT+N+uO/HDbrhefL8x/Jsuvlsq//MDw8XXv71xVeH/ms/szUCr/jqMfPLXirDtnes11K39Pll8rlX/N7JGh0caBg4X1r8nuz5JS+V9dfeO3r3y+71hhfsjyh0vlb5y97+mhycYlhfkH249CvbVCS6yfH2eu/GJy8vupovzPsvs/2iM/9s1/eXp38wldW7g+12f3Z6xU/TdfuH/HSGPf+UXvzrjnTH1zAvw3LU//Yz2e+mV/Zy5W1++F56YG2t9AI+kzeiZPlNM8z9K/MB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA3duCABAAAAEDQ/9ftCBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICnAgAA//+RiiO/")
r9 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r9, 0x0, 0x0, 0x1001f0)
r10 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r10, 0xc020660b, &(0x7f0000000100)={0x2000, 0xffffffff000})

[  120.112586][ T4670] Bluetooth: hci0: command tx timeout
[  120.210376][ T5330] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  120.546239][ T5330] loop0: detected capacity change from 0 to 32768
[  120.740002][ T5330] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=ro,errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names,read_only
[  120.747653][ T5330] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  120.751170][ T5330] bcachefs (loop0): Version upgrade required:
[  120.751170][ T5330] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  120.751170][ T5330] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.20: directory_size
[  120.751170][ T5330]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  120.788324][ T5330] bcachefs (loop0): error validating btree node on loop0 at btree extents level 0/0
[  120.788347][ T5330]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0  
[  120.788357][ T5330]   node offset 0/16: incorrect min_key: got 0:36028797018963968:0 should be POS_MIN
[  120.803583][ T5330] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  120.808304][ T5330] bcachefs (loop0): flagging btree extents lost data
[  120.811736][ T5330] bcachefs (loop0): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[  120.820952][ T5330] error reading btree root btree=extents level=0: btree_node_read_error, fixing
[  120.826851][ T5330] bcachefs (loop0): error validating btree node at btree inodes level 0/0
[  120.826871][ T5330]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0  
[  120.826880][ T5330]   node offset 16/24 bset u64s 110 bset byte offset 152: keys out of order: u64s 16 type inode_v3 134217728:4096:U32_MAX len 0 ver 0 > u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0, fixing
[  120.846154][ T5330] invalid bkey in btree_node btree=inodes level=0: u64s 16 type inode_v3 134217728:4096:U32_MAX len 0 ver 0: 
[  120.846170][ T5330]   mode=40755
[  120.846176][ T5330]   flags=(16300000)
[  120.846182][ T5330]   journal_seq=0
[  120.846189][ T5330]   hash_seed=28e4f092a4fc58ee
[  120.846194][ T5330]   hash_type=siphash
[  120.846201][ T5330]   bi_size=0
[  120.846206][ T5330]   bi_sectors=0
[  120.846212][ T5330]   bi_version=0
[  120.846217][ T5330]   bi_atime=200535484
[  120.846223][ T5330]   bi_ctime=2780562352
[  120.846229][ T5330]   bi_mtime=2780562352
[  120.846234][ T5330]   bi_otime=200535484
[  120.846241][ T5330]   bi_uid=0
[  120.846246][ T5330]   bi_gid=0
[  120.846253][ T5330]   bi_nlink=2
[  120.846259][ T5330]   bi_generation=0
[  120.846265][ T5330]   bi_dev=0
[  120.846272][ T5330]   bi_data_checksum=0
[  120.846279][ T5330]   bi_compression=0
[  120.846285][ T5330]   bi_project=0
[  120.846290][ T5330]   bi_background_compression=0
[  120.846296][ T5330]   bi_data_replicas=0
[  120.846301][ T5330]   bi_promote_target=0
[  120.846307][ T5330]   bi_foreground_target=0
[  120.846312][ T5330]   bi_background_target=0
[  120.846318][ T5330]   bi_erasure_code=0
[  120.846324][ T5330]   bi_fields_set=0
[  120.846330][ T5330]   bi_dir=0
[  120.846335][ T5330]   bi_dir_offset=0
[  120.846340][ T5330]   bi_subvol=1
[  120.846346][ T5330]   bi_parent_subvol=0
[  120.846352][ T5330]   bi_nocow=0
[  120.846357][ T5330]   bi_depth=0
[  120.846363][ T5330]   bi_inodes_32bit=0
[  120.846368][ T5330]   nonzero k.p.inode: delete?, fixing
[  120.916940][ T5330] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error
[  120.916940][ T5330]   btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  120.928480][ T5330] bcachefs (loop0): error validating btree node on loop0 at btree dirents level 0/0
[  120.928495][ T5330]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0  
[  120.928505][ T5330]   node offset 16/24: btree node data missing: expected 24 sectors, found 16, fixing
[  120.946479][ T5330] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error
[  120.946479][ T5330]   btree=dirents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
[  120.959178][ T5330] bcachefs (loop0): error validating btree node at btree alloc level 0/0
[  120.959195][ T5330]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0  
[  120.959206][ T5330]   node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing
[  120.975794][ T5330] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error
[  120.975794][ T5330]   btree=alloc level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  120.986276][ T5330] bcachefs (loop0): error validating btree node on loop0 at btree lru level 0/0
[  120.986292][ T5330]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0  
[  120.986303][ T5330]   node offset 0/16: incorrect min_key: got 144115188075855872:0:0 should be POS_MIN
[  121.000069][ T5330] bcachefs (loop0): flagging btree lru lost data
[  121.003440][ T5330] error reading btree root btree=lru level=0: btree_node_read_error, fixing
[  121.008011][ T5330] ==================================================================
[  121.010953][ T5330] BUG: KASAN: use-after-free in crc64_be+0x131/0x1f0
[  121.013499][ T5330] Read of size 1 at addr ffff888045d28000 by task syz.0.0/5330
[  121.016168][ T5330] 
[  121.017116][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00074-ga7f2e10ecd8f #0
[  121.017132][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  121.017141][ T5330] Call Trace:
[  121.017149][ T5330]  <TASK>
[  121.017154][ T5330]  dump_stack_lvl+0x241/0x360
[  121.017200][ T5330]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.017214][ T5330]  ? __pfx__printk+0x10/0x10
[  121.017227][ T5330]  ? _printk+0xd5/0x120
[  121.017261][ T5330]  ? __virt_addr_valid+0x183/0x530
[  121.017275][ T5330]  ? __virt_addr_valid+0x183/0x530
[  121.017286][ T5330]  print_report+0x16e/0x5b0
[  121.017300][ T5330]  ? __virt_addr_valid+0x183/0x530
[  121.017311][ T5330]  ? __virt_addr_valid+0x183/0x530
[  121.017323][ T5330]  ? __virt_addr_valid+0x45f/0x530
[  121.017334][ T5330]  ? __phys_addr+0xba/0x170
[  121.017344][ T5330]  ? crc64_be+0x131/0x1f0
[  121.017357][ T5330]  kasan_report+0x143/0x180
[  121.017372][ T5330]  ? crc64_be+0x131/0x1f0
[  121.017384][ T5330]  crc64_be+0x131/0x1f0
[  121.017396][ T5330]  bch2_checksum_update+0x10f/0x160
[  121.017414][ T5330]  bch2_checksum+0x37e/0x780
[  121.017430][ T5330]  ? __pfx_bch2_checksum+0x10/0x10
[  121.017450][ T5330]  ? __pfx_validate_bset_keys+0x10/0x10
[  121.017466][ T5330]  ? __pfx_validate_bset+0x10/0x10
[  121.017480][ T5330]  ? kfree+0x196/0x430
[  121.017494][ T5330]  ? krealloc_noprof+0x1ad/0x300
[  121.017511][ T5330]  ? bch2_bpos_to_text+0x295/0x3a0
[  121.017525][ T5330]  ? __pfx_bch2_bpos_to_text+0x10/0x10
[  121.017538][ T5330]  ? prt_str+0x4af/0x7d0
[  121.017551][ T5330]  ? bch2_btree_node_read_done+0x21f3/0x6270
[  121.017564][ T5330]  ? bch2_journal_seq_is_blacklisted+0x134/0x330
[  121.017581][ T5330]  bch2_btree_node_read_done+0x1456/0x6270
[  121.017605][ T5330]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  121.017619][ T5330]  ? __pfx_lock_acquire+0x10/0x10
[  121.017636][ T5330]  ? bch2_bkey_pick_read_device+0x221/0x1850
[  121.017650][ T5330]  ? __pfx_lock_release+0x10/0x10
[  121.017666][ T5330]  ? __lock_acquire+0x1397/0x2100
[  121.017684][ T5330]  ? bch2_bkey_pick_read_device+0x221/0x1850
[  121.017696][ T5330]  ? bch2_bkey_pick_read_device+0x1561/0x1850
[  121.017713][ T5330]  ? bch2_bkey_pick_read_device+0x221/0x1850
[  121.017728][ T5330]  ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[  121.017742][ T5330]  ? bch2_btree_ptr_v2_to_text+0x209/0x2f0
[  121.017757][ T5330]  ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10
[  121.017775][ T5330]  btree_node_read_work+0x6dc/0x1380
[  121.017795][ T5330]  ? __pfx_btree_node_read_work+0x10/0x10
[  121.017810][ T5330]  ? bch2_latency_acct+0x47b/0x550
[  121.017824][ T5330]  ? __pfx_bch2_latency_acct+0x10/0x10
[  121.017837][ T5330]  ? bio_associate_blkg+0x6c/0x230
[  121.017856][ T5330]  bch2_btree_node_read+0x2433/0x29f0
[  121.017874][ T5330]  ? bch2_trans_unlock+0x35e/0x480
[  121.017892][ T5330]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  121.017956][ T5330]  ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[  121.018023][ T5330]  ? bch2_trans_unlock+0x3b5/0x480
[  121.018043][ T5330]  bch2_btree_root_read+0x626/0x7b0
[  121.018058][ T5330]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  121.018075][ T5330]  ? bch2_current_has_btree_trans+0x142/0x180
[  121.018088][ T5330]  read_btree_roots+0x3d3/0xa70
[  121.018108][ T5330]  ? __pfx_read_btree_roots+0x10/0x10
[  121.018122][ T5330]  ? journal_replay_entry_early+0x4d/0xb70
[  121.018141][ T5330]  ? bch2_sb_upgrade+0x21b/0x2a0
[  121.018152][ T5330]  ? bch2_recovery_passes_from_stable+0x104/0x120
[  121.018169][ T5330]  bch2_fs_recovery+0x260f/0x3de0
[  121.018188][ T5330]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  121.018211][ T5330]  ? __pfx_lock_release+0x10/0x10
[  121.018228][ T5330]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  121.018243][ T5330]  ? __pfx_lock_release+0x10/0x10
[  121.018262][ T5330]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  121.018275][ T5330]  ? bch2_get_next_online_dev+0x4b9/0x4f0
[  121.018288][ T5330]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  121.018303][ T5330]  ? llist_reverse_order+0x72/0x90
[  121.018323][ T5330]  bch2_fs_start+0x37c/0x610
[  121.018338][ T5330]  bch2_fs_get_tree+0xdb7/0x17a0
[  121.018357][ T5330]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  121.018375][ T5330]  ? vfs_parse_monolithic_sep+0x423/0x460
[  121.018392][ T5330]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  121.018407][ T5330]  ? vfs_parse_fs_string+0x190/0x230
[  121.018423][ T5330]  ? rcu_is_watching+0x15/0xb0
[  121.018437][ T5330]  ? apparmor_capable+0x13b/0x1b0
[  121.018452][ T5330]  vfs_get_tree+0x90/0x2b0
[  121.018467][ T5330]  do_new_mount+0x2be/0xb40
[  121.018484][ T5330]  ? __pfx_do_new_mount+0x10/0x10
[  121.018502][ T5330]  __se_sys_mount+0x2d6/0x3c0
[  121.018519][ T5330]  ? __pfx___se_sys_mount+0x10/0x10
[  121.018535][ T5330]  ? exc_page_fault+0x590/0x8b0
[  121.018595][ T5330]  ? __x64_sys_mount+0x20/0xc0
[  121.018614][ T5330]  do_syscall_64+0xf3/0x230
[  121.018633][ T5330]  ? clear_bhb_loop+0x35/0x90
[  121.018653][ T5330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.018670][ T5330] RIP: 0033:0x7f84d738e90a
[  121.018682][ T5330] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.018692][ T5330] RSP: 002b:00007f84d8234e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  121.018706][ T5330] RAX: ffffffffffffffda RBX: 00007f84d8234ef0 RCX: 00007f84d738e90a
[  121.018715][ T5330] RDX: 0000200000000000 RSI: 0000200000000140 RDI: 00007f84d8234eb0
[  121.018726][ T5330] RBP: 0000200000000000 R08: 00007f84d8234ef0 R09: 0000000000008081
[  121.018734][ T5330] R10: 0000000000008081 R11: 0000000000000246 R12: 0000200000000140
[  121.018743][ T5330] R13: 00007f84d8234eb0 R14: 00000000000059c7 R15: 00002000000000c0
[  121.018755][ T5330]  </TASK>
[  121.018760][ T5330] 
[  121.209085][ T5330] The buggy address belongs to the physical page:
[  121.211300][ T5330] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45d28
[  121.214228][ T5330] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  121.216403][ T5330] raw: 04fff00000000000 ffffea0001174b08 ffff88801fc44c20 0000000000000000
[  121.219375][ T5330] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  121.222322][ T5330] page dumped because: kasan: bad access detected
[  121.224543][ T5330] page_owner tracks the page as freed
[  121.226237][ T5330] page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x452cd0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 5330, tgid 5329 (syz.0.0), ts 120636737982, free_ts 121007607083
[  121.232814][ T5330]  post_alloc_hook+0x1f4/0x240
[  121.234556][ T5330]  get_page_from_freelist+0x365c/0x37a0
[  121.236570][ T5330]  __alloc_frozen_pages_noprof+0x292/0x710
[  121.238539][ T5330]  __alloc_pages_noprof+0xa/0x30
[  121.240266][ T5330]  ___kmalloc_large_node+0x8b/0x1d0
[  121.242021][ T5330]  __kmalloc_large_node_noprof+0x1a/0x80
[  121.243925][ T5330]  __kmalloc_node_noprof+0x33a/0x4d0
[  121.245911][ T5330]  __kvmalloc_node_noprof+0x72/0x190
[  121.248176][ T5330]  btree_node_data_alloc+0xdb/0x260
[  121.249984][ T5330]  __bch2_btree_node_mem_alloc+0x201/0x420
[  121.252202][ T5330]  bch2_fs_btree_cache_init+0x27a/0x630
[  121.254208][ T5330]  bch2_fs_open+0x2d2d/0x31e0
[  121.255808][ T5330]  bch2_fs_get_tree+0x738/0x17a0
[  121.257533][ T5330]  vfs_get_tree+0x90/0x2b0
[  121.259085][ T5330]  do_new_mount+0x2be/0xb40
[  121.260652][ T5330]  __se_sys_mount+0x2d6/0x3c0
[  121.262275][ T5330] page last free pid 5330 tgid 5329 stack trace:
[  121.264413][ T5330]  free_frozen_pages+0xe0d/0x10e0
[  121.266158][ T5330]  __folio_put+0x2b3/0x360
[  121.267800][ T5330]  free_large_kmalloc+0xfe/0x180
[  121.269634][ T5330]  kfree+0x212/0x430
[  121.270974][ T5330]  bch2_btree_node_read_done+0x3db9/0x6270
[  121.273005][ T5330]  btree_node_read_work+0x6dc/0x1380
[  121.274733][ T5330]  bch2_btree_node_read+0x2433/0x29f0
[  121.276592][ T5330]  bch2_btree_root_read+0x626/0x7b0
[  121.278406][ T5330]  read_btree_roots+0x3d3/0xa70
[  121.280220][ T5330]  bch2_fs_recovery+0x260f/0x3de0
[  121.281970][ T5330]  bch2_fs_start+0x37c/0x610
[  121.283543][ T5330]  bch2_fs_get_tree+0xdb7/0x17a0
[  121.285295][ T5330]  vfs_get_tree+0x90/0x2b0
[  121.287008][ T5330]  do_new_mount+0x2be/0xb40
[  121.288685][ T5330]  __se_sys_mount+0x2d6/0x3c0
[  121.290551][ T5330]  do_syscall_64+0xf3/0x230
[  121.292345][ T5330] 
[  121.293160][ T5330] Memory state around the buggy address:
[  121.295531][ T5330]  ffff888045d27f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  121.298282][ T5330]  ffff888045d27f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  121.301057][ T5330] >ffff888045d28000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  121.304068][ T5330]                    ^
[  121.305527][ T5330]  ffff888045d28080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  121.308365][ T5330]  ffff888045d28100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  121.311090][ T5330] ==================================================================
[  121.340976][ T5330] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  121.343801][ T5330] CPU: 0 UID: 0 PID: 5330 Comm: syz.0.0 Not tainted 6.14.0-rc7-syzkaller-00074-ga7f2e10ecd8f #0
[  121.347614][ T5330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  121.351765][ T5330] Call Trace:
[  121.352989][ T5330]  <TASK>
[  121.354225][ T5330]  dump_stack_lvl+0x241/0x360
[  121.355939][ T5330]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.357879][ T5330]  ? __pfx__printk+0x10/0x10
[  121.359485][ T5330]  ? preempt_schedule+0xe1/0xf0
[  121.361146][ T5330]  ? vscnprintf+0x5d/0x90
[  121.362733][ T5330]  panic+0x349/0x880
[  121.364078][ T5330]  ? check_panic_on_warn+0x21/0xb0
[  121.365814][ T5330]  ? __pfx_panic+0x10/0x10
[  121.367445][ T5330]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  121.369487][ T5330]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  121.371690][ T5330]  ? print_report+0x519/0x5b0
[  121.373321][ T5330]  check_panic_on_warn+0x86/0xb0
[  121.375093][ T5330]  ? crc64_be+0x131/0x1f0
[  121.376747][ T5330]  end_report+0x77/0x160
[  121.378300][ T5330]  kasan_report+0x154/0x180
[  121.379949][ T5330]  ? crc64_be+0x131/0x1f0
[  121.381472][ T5330]  crc64_be+0x131/0x1f0
[  121.382931][ T5330]  bch2_checksum_update+0x10f/0x160
[  121.384844][ T5330]  bch2_checksum+0x37e/0x780
[  121.386447][ T5330]  ? __pfx_bch2_checksum+0x10/0x10
[  121.388334][ T5330]  ? __pfx_validate_bset_keys+0x10/0x10
[  121.390399][ T5330]  ? __pfx_validate_bset+0x10/0x10
[  121.392260][ T5330]  ? kfree+0x196/0x430
[  121.393757][ T5330]  ? krealloc_noprof+0x1ad/0x300
[  121.395527][ T5330]  ? bch2_bpos_to_text+0x295/0x3a0
[  121.397351][ T5330]  ? __pfx_bch2_bpos_to_text+0x10/0x10
[  121.399201][ T5330]  ? prt_str+0x4af/0x7d0
[  121.400651][ T5330]  ? bch2_btree_node_read_done+0x21f3/0x6270
[  121.402722][ T5330]  ? bch2_journal_seq_is_blacklisted+0x134/0x330
[  121.404918][ T5330]  bch2_btree_node_read_done+0x1456/0x6270
[  121.406964][ T5330]  ? __pfx_bch2_btree_node_read_done+0x10/0x10
[  121.409114][ T5330]  ? __pfx_lock_acquire+0x10/0x10
[  121.410893][ T5330]  ? bch2_bkey_pick_read_device+0x221/0x1850
[  121.413017][ T5330]  ? __pfx_lock_release+0x10/0x10
[  121.414758][ T5330]  ? __lock_acquire+0x1397/0x2100
[  121.416653][ T5330]  ? bch2_bkey_pick_read_device+0x221/0x1850
[  121.418929][ T5330]  ? bch2_bkey_pick_read_device+0x1561/0x1850
[  121.421131][ T5330]  ? bch2_bkey_pick_read_device+0x221/0x1850
[  121.423274][ T5330]  ? __pfx_bch2_bkey_pick_read_device+0x10/0x10
[  121.425589][ T5330]  ? bch2_btree_ptr_v2_to_text+0x209/0x2f0
[  121.427860][ T5330]  ? __pfx_bch2_btree_ptr_v2_to_text+0x10/0x10
[  121.430033][ T5330]  btree_node_read_work+0x6dc/0x1380
[  121.431966][ T5330]  ? __pfx_btree_node_read_work+0x10/0x10
[  121.433992][ T5330]  ? bch2_latency_acct+0x47b/0x550
[  121.435845][ T5330]  ? __pfx_bch2_latency_acct+0x10/0x10
[  121.438063][ T5330]  ? bio_associate_blkg+0x6c/0x230
[  121.439975][ T5330]  bch2_btree_node_read+0x2433/0x29f0
[  121.441998][ T5330]  ? bch2_trans_unlock+0x35e/0x480
[  121.443939][ T5330]  ? __pfx_bch2_btree_node_read+0x10/0x10
[  121.445961][ T5330]  ? __pfx___bch2_btree_node_hash_insert+0x10/0x10
[  121.448327][ T5330]  ? bch2_trans_unlock+0x3b5/0x480
[  121.450251][ T5330]  bch2_btree_root_read+0x626/0x7b0
[  121.452075][ T5330]  ? __pfx_bch2_btree_root_read+0x10/0x10
[  121.454121][ T5330]  ? bch2_current_has_btree_trans+0x142/0x180
[  121.456294][ T5330]  read_btree_roots+0x3d3/0xa70
[  121.458041][ T5330]  ? __pfx_read_btree_roots+0x10/0x10
[  121.459942][ T5330]  ? journal_replay_entry_early+0x4d/0xb70
[  121.461997][ T5330]  ? bch2_sb_upgrade+0x21b/0x2a0
[  121.463798][ T5330]  ? bch2_recovery_passes_from_stable+0x104/0x120
[  121.465983][ T5330]  bch2_fs_recovery+0x260f/0x3de0
[  121.467877][ T5330]  ? __pfx_bch2_fs_recovery+0x10/0x10
[  121.469786][ T5330]  ? __pfx_lock_release+0x10/0x10
[  121.471592][ T5330]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  121.473574][ T5330]  ? __pfx_lock_release+0x10/0x10
[  121.475376][ T5330]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  121.477337][ T5330]  ? bch2_get_next_online_dev+0x4b9/0x4f0
[  121.479253][ T5330]  ? bch2_get_next_online_dev+0x2b/0x4f0
[  121.481161][ T5330]  ? llist_reverse_order+0x72/0x90
[  121.483004][ T5330]  bch2_fs_start+0x37c/0x610
[  121.484619][ T5330]  bch2_fs_get_tree+0xdb7/0x17a0
[  121.486363][ T5330]  ? __pfx_bch2_fs_get_tree+0x10/0x10
[  121.488383][ T5330]  ? vfs_parse_monolithic_sep+0x423/0x460
[  121.490394][ T5330]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[  121.492184][ T5330]  ? vfs_parse_fs_string+0x190/0x230
[  121.493887][ T5330]  ? rcu_is_watching+0x15/0xb0
[  121.495394][ T5330]  ? apparmor_capable+0x13b/0x1b0
[  121.497038][ T5330]  vfs_get_tree+0x90/0x2b0
[  121.499339][ T5330]  do_new_mount+0x2be/0xb40
[  121.501134][ T5330]  ? __pfx_do_new_mount+0x10/0x10
[  121.502974][ T5330]  __se_sys_mount+0x2d6/0x3c0
[  121.504966][ T5330]  ? __pfx___se_sys_mount+0x10/0x10
[  121.507135][ T5330]  ? exc_page_fault+0x590/0x8b0
[  121.509288][ T5330]  ? __x64_sys_mount+0x20/0xc0
[  121.511463][ T5330]  do_syscall_64+0xf3/0x230
[  121.513154][ T5330]  ? clear_bhb_loop+0x35/0x90
[  121.514981][ T5330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.517447][ T5330] RIP: 0033:0x7f84d738e90a
[  121.519298][ T5330] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.526789][ T5330] RSP: 002b:00007f84d8234e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  121.530464][ T5330] RAX: ffffffffffffffda RBX: 00007f84d8234ef0 RCX: 00007f84d738e90a
[  121.533708][ T5330] RDX: 0000200000000000 RSI: 0000200000000140 RDI: 00007f84d8234eb0
[  121.536433][ T5330] RBP: 0000200000000000 R08: 00007f84d8234ef0 R09: 0000000000008081
[  121.539597][ T5330] R10: 0000000000008081 R11: 0000000000000246 R12: 0000200000000140
[  121.542534][ T5330] R13: 00007f84d8234eb0 R14: 00000000000059c7 R15: 00002000000000c0
[  121.545278][ T5330]  </TASK>
[  121.546596][ T5330] Kernel Offset: disabled
[  121.548586][ T5330] Rebooting in 86400 seconds..