last executing test programs: 8.360902525s ago: executing program 2 (id=30): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) 6.929177115s ago: executing program 2 (id=40): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000240)={[{@nodiscard}, {@nocheckpoint_merge}, {@alloc_mode_def}, {@six_active_logs}, {@flush_merge}, {@fault_injection={'fault_injection', 0x3d, 0x4ee}}, {@acl}, {@noacl}, {@compress_cache}, {@alloc_mode_def}, {@noextent_cache}, {@compress_cache}, {@fault_type={'fault_type', 0x3d, 0x4}}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S") r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6a000}], 0x1, 0x7000, 0x0, 0x3) lseek(r0, 0x7, 0x3) 5.662798116s ago: executing program 0 (id=48): r0 = socket$inet(0x2, 0x3, 0x8) setsockopt$inet_int(r0, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4) r1 = socket$inet(0x2, 0x6000000000000003, 0x6) dup3(r0, r1, 0x0) 5.444692852s ago: executing program 0 (id=52): syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000005140)='./file0\x00', 0x0, &(0x7f0000005180), 0x1, 0x50ed, &(0x7f00000051c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTsT3573JENYvrOR3E/wmHm5XUpgfKxQ6WkmPbbFHXpgfLxQ65pIemydDeHBhZX9S+H8stJPClbV54UhSOB0L+fnQLRxLCifimfb52ny6aeH7WMgvsJiPV1Cs6V4SkfS42q/HQuGGPc52Dw4AAHBPieE5z7Jjvc2QRtn52qAdVg/aYWTQDvVBO4wmO6Q79tseZnsLcXv7zMalPf//yHD5P74Vq7JFv+v/Q7z+P3+uYff6/9lYaCSF+VhopXcMaMVjZGH343iMRivvcWV9twAAAAB3tfi9QH2F5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP+zda4xc1X0A8LPP8T68XkiqEBolm6TGcROv1zaQqKXKmlI1IqVZNxRURRQbe00WL9ixTYlRiIxNRCMEpQ1S8qEIoyiq+QC1AhFJAeEixREqj4iqKIBAoTVEQaSUJCJNkEI1e++ZvXPuzsOPNV76+0neOTP/87zz8Jx775wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/w8GvXPO3zeKP/va8Z1+4ePyKPWsvfvW68059MoSJmcc7snBH/423j//87nPv2fPA6jvuO3z+R3vzcnk8DFT/dOZ3boi1Hl4cwv0dIXSngRWDWaAnvz8Y63vfYAinhNlArcRkf1YibTh8vy+EfWE2UKvqe30hDBYCFz71yMM3VxO39YWwNIRQSdt4vpK10ZcGzujNAv1pYGt3FvjVW5la4LudWQCOWXwz1F70BybqMwzPXa7B66/nuHXs7ZUOrysmhhvn+9naee5UQW/6wMQxPW2l6pgXpbfHQe+2BfBuK23nWz1txS9S+TeUt2ZDldC5aXLzhqund8ZHOsPoaFejmubpeX7m9S9tPJL0gnkdxg4MH5fX4S1PLL27a/kFj9+3YunL+z+295Vj7eaPCpu0mJ5vlZC/5hbM8xiN+zxZAG+/0rekEV+6QgibP/97n2kWL83/h5vP/+PLOd521uWOtb45lM3N4yODMfHaUDY3BwAAgAVjIew13Tr60Cea1Vea/4+0d/w/HvLPJ/PZaA+GMD6T2LskhNNmHs8Cd8XmLlsSwgdnUhP1gbVJ4GAI751JLK9VlZRYFEuMJIGfDOWB8SRwKAYmksC3YuDWJHBDDBxIAhtj4GASODcGwlT9OH5/KB9H24G+GFifbcQD8SyEXwzF1pJt9VytKgAAgOMknx321N8tnOtwrBni9PJAX6sM8QzshhkqSQ3pDLY2rWpYQ3erGjpb1VAb9+7mwy/V3NGq5tJpGB31GW7/5d98NjRRmv+PNZ//V+boSEfp+H8I62b+xtydeWS6Fl8/UZcBAAAAOAYD//viN5vFS/P/8fbO/4/7RLoKmcNjcTfEliUhjNUHsmr/sBzIjnoP5AEAAABYCGrH42vHwqfy2+wU7XQ+Xc4/cYT544H/8Tnz9x58cH2z/pbm/xPtnf/fX3+bdeJQ7MXXloSwqBD4QexlNTBjJAZ+/Mn6QD7+Q3ED3BSryk9MqFV1UyyxPgbGksC+RiV+WCtxWn0gf7Jqje+tjWMqL1EIAAAAwAkXdwfE4/Lx/P8P/Wb1Nc3Kleb/64/s/P+ZeXDp9P7pgRBWdofQlf4w4LH+bGHAGBjsyBMP9Wd1daVVXd8fwjnVgaVVvZiv/9+drjH4VF9WVQyc9qH9r59RTXyzL4SVxcDTn7vzrGpiZxKoNf6XfSF8oDratPHvLMoa70kb//qiEN5fCNSqumxRCNXGetOqHqnk1zFIq/rnSgjvKgRqVZ1dCWFXAGCBiv+Vbio+uGPXtVs2TE9Pbp/HRNyH3xc2T01Pjm7cOr2p0qBPm5I+1y1jdH15TO1e+ea5fImii+5dN9hOuvY7wbFiW/l+/NKJg/n9+F2oZ2acq3vq7q5Jh/yRD5ebCIVvUo2G3DnPQ+4vVjL7JJbqj/l7w0BYdPWOye2jX9ywc+f2VdnfdrOvzv7Gw0zZtlqVbqv+ufrWxsuj4WpZiaPdVsuKlazceeW2lTt2Xbti6soNl09ePnnVqrNXj505tmbs42eurI5qLPvbYqjL5qo6Gepbd7Y5ruM41NO7C5WciE8NCQmJhZbYOrCs6f/Jpfn/tubz//ipEz/58/UZGh3/H46H+bPHZw/zr4+Bfe0e/x9udDS/dmLASBLYHQO7HeYHAADgnSFO8uPezLhX+qfLv/Nys3Kl+f/u9n7/f5zW/68tXX9+o2X+l8cSY43W/0+X+a+t/7+70fr/6TL/tfX/970N6/9fXQskm+QX1v8HAADeCU7c+v8tl/dPLxBQytByef/0AgGlDC2X8W/3AgFHvP7/8//5V/8dmijN/29tb/5v4X4AAAA4eXz5z675nWbx0vx/X3vz/xO//l9odP7/SKPARKOFAa3/BwAAwALVaP2/4Rv7L21WrjT/P9De/D+edtFZlzvW+uZQtqZdSNe0e22o9pMBAAAAWBg6w+hoT5t561ZGXXv0bT6TLwXaLF304p8cPrLz/w+2N/+v+13GLU8svbtr+QWPv3nfiqUv7//Y3ldmj/8DAAAA86fd/RIAAAAAAAAAAAAAAMDb78X/2LOmWbz0+/+wbubxRr//j9f9i78veHdd7lhr6/X/8vsXfvqeXTNLFj42FMKHi4Ete7acEvJr8y8rBh6+ZPl7qok9aYkHXzj3pWri0jTwqRWnvlFNnJME1sdFEt+bBuJVFd9YnATi8or/ngbi9jiQBnrzwFcXZ+PoSLfVTwezbdWRbqtnB0NYUgjUttX9g1kbHekAb0sCtQF+IQ3EAf55HuhMe3XPQNarGBiMRe8YyHoFAMBJK34L7Ambp6Ynx+JX+Hh7enf9bVS3ZNn15Wo72mz+uXxpsovuXTfYTror/S46e63xnlCpDmFV6etqMUvHzCiPTy0tNt27Gwy51WpvnQ3KpY500/U2HlFfNqLRjVunN/W0HPia1llWd7fMsqo02Slm6ZzZpG3U0kZf2hhRm9umjS7H+51hdLQryfUHMTgc6rR6RbT7e/3iOn+NXgXFPFcd3vurZvWV5v/D7c3/K8VxvZFfDGB3vLLe3y2xzD8AAADMr6+u/fU34r/P3vjo083ylub/I+3N/+MerPxQcLa342C8/v/eJSHMXFp/OAvcFZu7bEkIH5xJTcQS2QX1z48lxrLAXXGHyfJYYv1EfVWLYuBAEvjJUB44mAQOxUC+l2J/yHfl/P1QCGfNpNbVl9gWSwwngc/EwEgSGI2BsSSwOAbGk8Cri/PARBL4txgIU/Xb6t7F+bYCAAA4Evk8q6f+bkjneQe6W2XoaJWhv1WGzlYZKq0yNBpFvP/tmKEnOXmlo5CpJ621L6mllCFeDP+I+1XKEH5YnzMtWGo6nn9QO9+goz7DA5/oroQmSvP/sfbm//31t1nrh+L8f/b6f1ngB7F7X4unjo/EwI8/WR/IdwwcipPdm2pVTeQl8kn7TbHEeAyMJIFtMTCeBNavywP73lMfyGfatcb31hqfyksUAgAAAHDCxR0EcTdNnP/fseMrA83Kleb/4+3N/2N7A8XGboi1Hl4cwv0ds72pBVYMZoG4H2Mw/jz+fYMhnFLYwVErMdmflehNGg7f78t+od6bVvW9vuzHB/H+hU898vDN1cRtfSEsLex9qbXxfCVroy8NnNGbBfrTwNbuLBD3/NQC3+3MAnDMansF4wsqP9WlZnjucg1ef++Ua4KmwyvtA50j31y/uZovpR2u+T7VmiN72pruv+W4Kb09Dnq3LcR327B3W/GLVP4N5a3ZUCV0bprcvOHq6Z3xkeIvWUvm6Xku/kq1nfRxeB3uPvretlZJOzCWfHyMzV1u7tdhR6zulieW3t21/ILH71ux9OX9H9v7StvdaCD+UPiR6/518EeFzTvfKiF/zS24z5MJnycL8b+BEU9bCGHdq1+/qVm8NP+faG/+353czvh13Jg7loTwkcLGfSxu/j9ekn0OFgLZp+S7yoHskPt/DTX85AQAAIDjrba7o7a/YCq/zU4IT+fJ5fwTR5g/7q8YnzN/u/3u/+tLljaLl+b/65vP/xcl3XT83/F/5onj/3M62XdFL0of2H1Mu6JL1TEvHP+f08n+bnP8f06O/zv+PxfH/1tw/H9OJ/vTVvqWtM2XrhDCy3/00LPN4qX5/7b25v/W/5t70b7a+n/rG63/t63R+n+7rf8HAADMqwYLzaXzvNLqfaUM6ep9pQwtFwhsucSg9f+OeP2/l05//jehidL8f3d78//4chgotr5Q1v8bWdegqltjYJuFAQEAADgZNdpBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNvrgX/4n03N4o/+9rxnX7h4/Io9ay9+9brzTn0yhKmZxzuycEf/jbeP//zuc+/Z88DqO+47fP5HK3m5nvz2d+tyx1rfHAphX+GRwZh4bah6ZzZw4afv2dVdTTw2FMKHi4Ete7acUk18ayiEZcXAw5csf081sSct8eAL575UTVyaBj614tQ3qolz8kBH2t1/XJx1tyPt7s2LQ1hSCNS6e8Xi+qpqbfxpHuhM2/inwayNGBiMRb8xmLURA9OxxNSiEFZ2h9CVVvVoJauqK63qXypZVV1pVV+uhHBOCKE7reqF3qyq7nTkT/ZmVcXAaR/a//oZ1cS+3hBWFgNPf+7Os6qJLySBWuN/0RvCB6ovmbTxb/dkjfekjd/WE8L7Qwi9aYlfdmcletMSL3aH8K5CoNb457tD2BV4R4gfPnWfaDt2Xbtlw/T05PZ5TPTmbfWFzVPTk6Mbt05vqiR9aqSjkH7r+qMf+3Ovf2lj9faie9cNtpPuzsv1zHR5dU/d3TUne+9jv/qLlcw+H6X6Y/7eMBAWXb1jcvvoFzfs3Ll9Vfa33eyrs79deTTbVqsWyrZaVqxk5c4rt63csevaFVNXbrh88vLJq1advXrszLE1Yx8/c2V1VGPZ3+Mx1DtP/FBP7y5UciI+ACQkJBZaorPu023sZP8gL33Rn+1oT6jMfECXphXFLB0zozweg157lCM+mu8pLUe0qjRxKGVZ3TrLmtJkYjZLX5Zl5ntdaXJYrKlzZpPG+51hdLSr0XYYrr9b3Lw/O4bN+0y+6dpNAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgUAAD//wNUIwc=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) capset(&(0x7f0000000140)={0x20080522}, &(0x7f0000000040)) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, 0x0) 5.283210412s ago: executing program 2 (id=65): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000240)=[@in={0x2, 0x4e20, @loopback}], 0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000100), 0x4) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000000), &(0x7f0000000140)=0x8) 4.000061333s ago: executing program 2 (id=61): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000002c0)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)='\x00q', 0x2}], 0x1}}], 0x1, 0x2400c042) 3.730216303s ago: executing program 2 (id=63): r0 = syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000740), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR") ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, &(0x7f0000000080)=0x2) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) ioctl$BTRFS_IOC_SEND(r0, 0x40489426, &(0x7f0000000240)={{r1}, 0x1, &(0x7f0000000180)=[0x3], 0x5, 0xe, 0x1}) 3.502594312s ago: executing program 3 (id=64): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000200)={{0x80}, 'port1\x00', 0x79, 0x1a1847}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r0) 3.333862869s ago: executing program 3 (id=67): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x3000080, &(0x7f0000000200)=ANY=[@ANYBLOB="71756965742c636f6465706167653d69736f383835392d31352c706172743d3078303030303030300000000000000000662c00a20000000700000000ede9debf530c3cc4d04b548919aca0c2937d4da1fc31dc42fc2e3e", @ANYRES8], 0x11, 0x2d2, &(0x7f0000000bc0)="$eJzs3U1rE1scx/HfmaRteht6pw+XC3fZa0E3UutG3KRIXoS4ELWJUAwVbQV1YxVXIrp371vwLQhuFN+Arlz5AiIII+fMZJJJJzMxNDMNfj9gmMycM+d/Mg/n/AfsCMAf60rzy9uL3+w/I1VUkV5cljxJNakq6R/9W3uwf7h32Gm3MvbTDRxbyyisaY4V2t1vp9WtKaoR8e23quqD6zAdQRDsfJV0UHYgKJW7+lN40kJ0dbrttcIjy/Z0wnpHJxzHrDFddfVQy2XHAQAoVzT+e9E4X4/m754nbUbD/qkc/yfVLTuAqQsytw6M/y7LCow9vn+7Tf18z6VwdrvXyxLHaXlu6Pu8wjMrMcE0eVmli8VbvL3XaZ/fvdtpeXqmRmSg2Lr7bIWnbk9OtBspuWmGMfpu0meUS64Pc7YP2yPiX5uwxYmZD+aTuW58vVErnv9VA2MPkztS/tCRCuPfGr1H10vfllJ022g0Gl6iyIpr5L+ohUhOL2vpGYl6Z9SKkg8I/Lw4Xa3VoVph7y7k1FoLa+0sJmpt976NqLWeaMv2Jj6bR7c3beaVuWo29F3v1ByY/3s2vk1lXpn9q8ZshkOB+8XD/synN1d1+/SPjRxHulZProl/xYVRof/IvqdhyJOMbS91S5e0fPDo8Z1Kp9O+bxdupizcq8dr5p5LqWVKWPDUX6Oj/qYFhQ8ij9XqDUpFhnruRHdo7x+5he1VVkgHT82ZUMZC82OxJ1IZCwXdo1Cq/kHPLfq+kIBQNDfvCvO/gXxly0327IefMU/PnZBFewzsHDvOgGqJ+qtu6a/fyuCWRmdw4+Zc/5+VzsSrfgY5LfpRnLMhyJr6Waapz7rB838AAAAAAAAAAAAAAAAAAIBZU8R/Jyi7jwAAAAAAAAAAAAAAAAAAAAAAzLr4/b/qvf9X473/d/gvf1fCN7ycyPt/X++L9/8C0/crAAD//zZmik0=") r0 = fanotify_init(0x200, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) fanotify_mark(r0, 0x101, 0x48001051, r1, 0x0) 3.089510092s ago: executing program 0 (id=68): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2c00000013000100"/20, @ANYRES32=r2, @ANYBLOB="0000d400000000000a000100003b"], 0x2c}}, 0x0) 2.897445772s ago: executing program 3 (id=70): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r2, 0x0, 0x0, 0x0, {@ip4=@multicast1, 0x86dd}}}]}, 0x38}}, 0x0) 2.861355533s ago: executing program 1 (id=71): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=@framed={{}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x7, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x2, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x49}}]}, &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="7638300c000000000000e9000000", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.441302965s ago: executing program 3 (id=73): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) 2.441144747s ago: executing program 5 (id=74): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000180)='mand\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) 2.43152108s ago: executing program 1 (id=87): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x6e, &(0x7f0000000080)={@local, @local, @val, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x30, 0x6, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xc, 0x10, 0x0, 0x0, 0x0, {[@sack={0x5, 0xa, [0x0, 0x3]}, @md5sig={0x13, 0x12, "0622034ed90ac6a7dc05406be7af5375"}]}}}}}}}}, 0x0) 2.19394212s ago: executing program 5 (id=77): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000500)={'ipvlan0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1], 0xb4}}, 0x0) 2.030519604s ago: executing program 4 (id=78): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000002e0000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) 1.985800719s ago: executing program 3 (id=79): unshare(0x44040000) syz_mount_image$bcachefs(&(0x7f00000058c0), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={[{@metadata_checksum={'metadata_checksum', 0x3d, 'crc32c'}}, {@data_checksum={'data_checksum', 0x3d, 'none'}}, {@compression={'compression', 0x3d, 'zstd'}}, {@data_checksum={'data_checksum', 0x3d, 'xxhash'}}, {@data_checksum={'data_checksum', 0x3d, 'crc64'}}, {@data_checksum={'data_checksum', 0x3d, 'crc64'}}, {@metadata_checksum={'metadata_checksum', 0x3d, 'none'}}, {@str_hash={'str_hash', 0x3d, 'crc32c'}}, {@metadata_checksum={'metadata_checksum', 0x3d, 'crc64'}}, {@metadata_checksum={'metadata_checksum', 0x3d, 'crc32c'}}, {@compression={'compression', 0x3d, 'zstd'}}], [{@euid_gt={'euid>', 0xffffffffffffffff}}]}, 0x1, 0x5906, &(0x7f000000b200)="$eJzs3W2QXFWdMPBzu3synZm8TAJIBJkMgSiCmglvhS+l0ce3AqRiYSnhicJAJhhNQioJAgEl+IAPFGChpaWoH9BC6kGjRRU8SqREXjZhFaVYXWoLqdVd9INbyJISyFKWa7Zm+p6enjt95/b09OQFfr9K5vY9ffp/zr339O37P90zHQAAAHhV2H39lr3nHPW+X3x++KVrPviTDdeG3vJoeTVW6EuXVxyoHrI/dVcWjS6z4+INV33vjwMXv+fnd/d89+Vda45d+9v3Hnbx/Z86c+dt33zoxbn3/v2ZorhxPJ04tp48l4RQ/emer35h12NHjpQlIYRy0rc9hAXJwocWJJkQg38NIaxJV3oq4++856VT1o4sr72pe1z5/EwQ4/3VrZqOs217Lz8p/O7dq6771eIf/qBrx7Pbx6ok1YbxFMK8Cxsf3xVCGBl6s9P1FelyUXxwulw5MkYbHndGQb+Oa7H/y3LWj06Xs9Jlb0GceP+SzHopUy+7HnVllj0F7U1XXj/arVdkTmY9ezKarrx+xvIF6fLH6fLEKcYvx/9JKCWhUu/++mRsjISG45aEZPRYVuvrpfqxDen2Z9aTzHops17uymzXaLvpQCsnyfjyWC9THk/HlbT82MZzdRPn5pS/Nl1W0yfqy3E9ZG/U9E64Ud+uUbFfeybpy/4wsp+6JymvH/j0YPSmZb3JwgmP2ddEvG/XqpuXllc/vLsvpx/J3UkaP2kr/rZfLpjzie/feNmivPgXltL4pbbi//6sx58//8bvfCM3/q0xfrmt+Cc/0PPcWY9cvyR3/+yJ+6fSVvyhZx69ZfHhF+3I7f/tMX61rfgrdj7ePXfvAw/m9n8w7p/ZbcV/+u3v/8NdT973bG78EOP3tBV/9c5NX+zu33tCbvwH4/7pbW/8vLDj9Kf6+/80kBf/iRh/blvx79x+29vumH/TmbnHd2XcP31txT/7+Puvm7P3vmPyzp3J7Z165QR4dTosvca6IV3PzTMrk+eZ09WQL3x9oFK75puT/p/byYYyRtqZN4PxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh1OuKkf/zAv3+077lKut6d3ni6VFvG8lkhJLNDCFu2Dm3eum7jJQOfuvSyzRuH1g8MbR0Y3rh185UDp75pYPPwpvVDV47cO/jmU2qPWxiS2jI5ZkLb+/bt21fqG18W2/tfx+/43dIz/uPPIQwe8Zv+Sm7/l9224Y7Dm/zMSFbse9eGy875zWnfTrerL+1XX06/Qk6//vO8v93x5T1/PCGEwddM1q9Hn37nz8Z1aLRgLE6q1B1qHepOepr2o97rtD9xf1XWrls/PFi8f8s52/G/r3r2r2uv+NLfavu3mrsdLe7f2Sv2rS99bdXZ//21q2sFB+txL9rfcSti/+L+q6b7e166XfNytquSs13X/+rBJ3961I0vbg+DlRcWT2y7aLu60gHQlby2pXZjCz3JgnHl1bR+POLxccu2bti0bMuV2968bsPQJcOXDG986/JTl58+eNrppy0b3fJlHd7+2P7rW9z+/TOe5n9m+4/jz9bGU1G/4v4o5+yPkX4V74/GHuU9/3rO/cJX3nrbI+fUCorGeaxdP5+ky56R47w8NIy3ifuq2XEu2g8hhIHGsrgfnn/xzHDkv6y7rug81HhkGn9mJCv2PbbkL98+41uL3lErGDnPV2b6PN/YoTbP8/Vej/VndH9V0+NxsO7f7nRkdye9Tfu1/LFHum7e/efP1vs3a1a4Ymjr1s3Laz/npD2dkxzdtF/Z0rhdi0d/lkO6W0J9mDYZryO6Qq1/2fNnrJ7dq73pfb3JwqbblRXv27Xq5qXl1Q/vztvTyd21FmeHubVl8rqcmuszDyzXO9ys/UNhfMxq0q/+D3zr3o/e+6NTJ4yPk2s/i7YrydmuHz5551e++6X/+6PObdcH3vl431/+9ZNLawX75fqxA+eVeq/T/iSN55WTQyh6/i0Ozbcj9/lXar49Rc+/bDtj9ZvHG8is94ZyW8/Xkx/oee6sR65fkvt83dPq8/XqcWvlgufrwTJ+Dtzza9xASVbs+/kNh21/6JqVR9UKisZ1vXazcX1KC/lHznb97Pyn+i8d+D//3LnzxvfedM8Fvx1a8blawcFy3Kvp/q3m7N96r2Pe2bh/33LxpevX1Mpbvf7Nbs/MX/+my4L8J55Ktly57dND69cPb97S2na1+noa28nu5XZfT+PZbWHBdpUmbNfM3QgNr+zTfb7F/q9pe3+Nf771hqSt14Vtv1ww5xPfv/GyvgmPShu6sJTGL7UV//dnPf78+Td+5xu58W+N8SttxR965tFbFh9+0Y7c+LcnafxqW/FX7Hy8e+7eBx7MjT8Y+z+7rfhPv/39f7jryfuezY0fYvze9vb/CztOf6q//0+58Z9I0nZGrpFCuOelU9bW1pPQlT7fYj+6xvUrZNeTzHops15uXC+F9NmUNlBOkvHlsV5afmxDX5r5WE55vAqrLqotX47rIXtj8vKDTanh3N+svOg6FQDglS6+/x+vQeP7/8PphVL+TAOMmW4etignbszDxuZzxr+LsCiNHx8f5wH73xIGR5bXDtQu9Avmc7Zn53Pi8yE7zxnbOeG48THanecsmn9fklmP/arNl1ca8tDUxLymElqYf5/YzuTz75nNL54fH7hhQrcGGuatssevK50xa/Z5h0x/KyMR8sZHdl4sfp6jf15YOdpea+Njwudo4nHIfo4mtnNU5sTZ7udopjs+YrcnGR+jXS5+f2Pi8QuT7N+x49c8Wvb4TeF4V0fqz/T7s8Xzhsm4luJ9B8+84cy+H2ZeMid++gQ72OcNY3ncjkqL84kfzSnv1HxiPF3Efu2ZpC/7g/lE4JUq5v/xNWIk/x+5AP+vTL2i69DsVWOMl/s5oXLz/hTlHQ1X52mN7W29jq/euemL3f17T8i9znmw1c/9bBq31lPwuZ+i/bg0s164H3MmaIryvdF29jWr3zxe9nMZvWFuW/v9zu23ve2O+TedmbvfV9ZeSIv3+1fGrc0t2O8HPl9oHl++IF8I+2H+7IDlI+kHn2YqH/lITvlU85GeCTfq2zXqkMtHuvZvvwCAQ0fM/+vvn6X5/79l6hXlrSdm1mO83Lw15/okL2/9ULq8IlO/N/2NiqleN599/P3Xzdl73zG5ecvtreah/2/cWl9hHjq9vDk3j1jZmc+L5+YR9Txrenlibv/reeL08vTc+PU8fXp5dO7+qefR05sHyI1fnwc41PPcnhmdrzuAeXQpzGQenf569Uzl0efmlE81j+6dcKO+XaPk0QAAB1bM/+NlXMz/H8nUm+51e25e0KHr9uzfA6nHf2J/5ZUznffNdN4603n9TM9LHOp58UzPC83sPNkBe39ZXtxR8mIAgFe2mP/PTtfz8/8m+Ul6DdhKfpKbv9XzE/l50/jy84MkPz/U57/k//L/YvJ/AIBXtpj/x197jH//7x/S9ezfrZen58TfT3n6Cnl68/ivmDx9ep8DKJ5nMw9gHqCYeQAAgFeWrtFMaeLv2X88XWZ/zz7v9/LPz6nfYPZk/aikFS7aunl4+ILLNq0Z2jp8wcZL1wxvuWDc5ed088bcvCXNG7tCJd0fzetl87b56d9DmJ/z9xCy9WPYo0dvTPx7CNlmZxf8HYGx49daf/OOX2mS+s3GR97xzov/sZz6Uf34X/zJky9Yu+WCdRvXbV03tH7dtuHx9Uay1p4pfG9m3C1T+t7MzI8JSlP//s7O9KM0oR9d6f7I+372JNOPBWlPFuR9z2tOv3/xT1/+zPH7/nZXCINHlF83rf2XrNj3/88b/tDW3b/ZNNL/0qT9r9dM+1X0faXZ+nF7Kusv3bL1pLWXXrYx+42S7YnzGaX6+gzNZ6RP/3KL8xOrc8qnOj9RnnDj4NTy/AQAAOPE9//j9Wx8//BL6QVULJ8kT79887qtW4c31upN9/3j3Dx9sLU8Pfu9ZEV5erZ+3N5W8/TqNPP0bPtFeXqz+s3y9Ly8Oy/+R3LqT1Xr42R6n/PIHScXtjZOst9nUDROsvWnOk6SdsfJnObtF42TZvWbjZO8454X/8M59fO0Ph6m97mc3PFwa2vj4Y2Z9aLxkK0/1fFQmuZ5I9t+0XhoVr/ZeMg7vnnxz8mp36rx42NkYIyOi+ELLr9086cb6s30919Mv38z+/0f7Wq9/zP7ua+Z7//Mfq5s5vs/vc+V5fb/ienNhLXe/5n9fpd27bf52vTDZkWfPyuax12VUz7VedxZE24cnMzjwoET8//4dk/M/29Kl51+G+gQ/5600btn8nXu0P/8/cxex3g9n6Sxg4DXcwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDWdFcWjS53X79l7zlHve8Xnx9+6ZoP/mTDtW+46nt/HLj4PT+/u+e7L+9ac+za3773sIvv/9SZO2/75kMvzr33788UBu6rLU5MV6shJM8lIVR/uuerX9j12JEjZUkIoZz0bQ9hQbLwoQVJJsLgX0MIa+r9HH/nPS+dsnZkee1N3ePK52eCZLcr9JZjf8b1M1xRuEUcgqrpONu29/KTwu/eveq6Xy3+4Q+6djy7faxKUm0YTyHMuzCUx+7sCiHMTv+PiKNtUXxwulwZQuhpaPeMgn4d12L/l+WsH50uZ6XL3oI48f4lmfVSpl52PerKLHsK2puuvH60W6/InMx69mQ0XXn9jOUL0uWP0+WJU4xfjv+TUEpCpd799cnYGAkNxy0JyeixrNbXS/VjG9Ltz6wnmfVSZr3cldmu0XbTgVZOkvHlsV6mPJ6OK2n5sY3n6ibOzSl/bbqspk/Ul+N6yN6o6Z1wo75do2K/9kzSl/2h1HAOalZeP/DpwehNy3qThRMes6+JeN+uVTcvLa9+eHdfTj+Su5M0ftJW/G2/XDDnE9+/8bJFefEvLKXxS23F//1Zjz9//o3f+UZu/Ftj/HJb8U9+oOe5sx65fknu/tkT90+lrfhDzzx6y+LDL9qR2//bY/xqW/FX7Hy8e+7eBx7M7f9g3D+z24r/9Nvf/4e7nrzv2dz4IcbvaSv+6p2bvtjdv/eE3PgPxv3T2974eWHH6U/19/9pIC/+EzH+3Lbi37n9trfdMf+mM3OP78q4f/rain/28fdfN2fvfcfknTuT2zv1ygnw6nRYeo11Q7o+pTyzgxryha8PVGrXfHPS/3M72VDGSDvzZjA+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvTL+++tSPn/euD6+qJCEkOXX2NRHvK89asWKgjXaHnnn0lsWHX7SjsWxRG3EAAACAYjEPL9VLqmFRuDyZHY5uWj/OERwd15Lx5dk5hNljNTsSp9ShOOUOxal0KE5Xh+LM6lCc7g7FqRbEqYbW4syeNE6p5f70dChOb4fizGk9Tnboj4szt0P9mdehOPM7FKdv0jitj8MFHYqzsENxDutQnMM7FOeIDsV5TYfiHNmhONk55amOw7lpzaPy4ozeKBfGqSTl+h3N5tNjO8dMs53eFtvJztnHOOe32M7sFts5LvO40hS3p9piO6+fZjtJi+28cZrtlAraieP2imz/YjtxrcXxf2WH4mzrUJyrOhTn6g7F+WyH4nyuQ3GumWYcgFbF/H8s3+sL3ZV3hJ70jJOdBYj57uLRnxNf7/JOSDHe6zLls4riZRP1TLzFU+1f0yxqLN6STHnXuHiVej4ySbxqY7ylmTsLtzc7oZDp34mZ8u6ieNmJBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYQb+++tSPn/euD68KSRj519S+JuJ95VkrVgy00e6uVTcvLa9+eHdjWXeljUAAAABAoZiHd9VLqqG7sjx0J7PG1aum8wDVdL3cV1v2zwsrR5bJQGl0vSdZMOnjKunjlm3dsGnZliu3vXndhqFLhi8Z3vjW5acuP33wtNNPW7Z23frhwdrPELoL4oUQRqcftly57dND69cPb95SKxztf/dYpUXp4xal60n6uP63hMGR5bVp/xcWtFea0N7M3WjpAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/7NpdiJxXGQfw887Mzky3jVnp1zQ0myEfJWrRJG4l1dJ9QbDQJiFLQWarawk2weKmCW1SYh3bgG1NUISWQIjkJhKLrcWbftgi9oNApEYDbgzSFu2FXiitVtKSC0kZye6c2ZnJTGYzlqZNf7+L95055znnmTMXC/93BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD9BUdWSiMjo2PpiEkHSpqXUQ57L5NC330ffrz2/9cWH45PLmsUKuj40AAACAnmIOH2iMFEMhlw3ZcNX0u8WhaSLM5n4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODjZ6o6MlEZHRu/OAkh6VJT6yDOZfNpWu6j7xvvPPmFV4eH/9E8VupjHwAAAKC3mMMzjZFiKIUlYSC5qqUuPhtY0La+vS7us3COde3PDrrVLZlj3TVzrPtUj7p19fuOAAAAAB99Mf/nGiNDoZCb1zX/98r1sW5RW122fu/ntwIAAADA/yfm/0JjpBQKuVIjr8817y9uq4vre/3fPq5f1mV9r//nr63f/Z8eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD46pqojE5XRsfFsEkLSpabWQZzL5tO03EffVS8M/uuWQw8tbh4r5PrYCAAAAOgp5vDZ6F0MhdxgGAgXT+f+4Zv2P/3Vp58dCSHMxPx8PuzYsG3b3atmrrFu5ZFDAz86/Nb3zqhbOXM9bwcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADeN1PVkYnK6Nj4RUkISZeaWgdxLptP03IffV//0lf+9vjx595sHiv1sQ8AAADQW8zhs9m/GEohH/Lhiul3zVn/tEzb+m7PDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIALxz3fue/bGyYnN97thRdeeNF4cb7/MgEAAO+3RSEJtXN05frz/akBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPg6nqyERldGy8mISQdKmpdRDnsvk0LffRN33+aGHeyRdeah4r9bEPAAAA0FvM4bPZvxhKYSAMhMun33V6JjCd/4c+wA8JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfKhMVUcmKqNj4/OSEJIuNbUO4lw2n6blPvo+tnPfFw/O/+HNzWOFXB8bAQAAAD3FHJ5vjBRDIffpUAhX199Pti5IsvV75+cCs+u2tiwbnPO6asu67JzX7Wo7Wa5+mpl1xbjf0My9sa585rpy07pSaLQvt6wLe1pWzevxOQMAAACcRzH/FxojQ6GQKzTl3J+31A/JuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAF1PVkYnK6Nh4koSQdKmpdRDnsvk0LffR977ff/KSb/xi9/bmsVIf+wAAAAC9xRw+m/2LoRQWhk+EhdO5Pwy11se6f1dOHXz0P39fHsKKK44N57ru/9vXb3yx/RJCprUoE8L8er+kS7/f/fHRe5fWTj0eworLs1efa7/WLdPaM5WNa7cdPrb1LF8MAAAAXEBi/h9ojAyFQu6urvk/Ju9zyv/z7935q8vq13oib1uRGar3y3Tp9+WlT/512ep/vnU6/5+t3+f2bT54WUvDmZE2SVob3bx93bHrDmTiqWf6Z9v6x+/la99987+bdjxyaqZ/MRTr4wtynfqfeS20ll2U1iYze8fXvLe32to/1+X8D/3hpeO/WbD73dP931k02Oh/zVnO39w/nNF/8NaH91y/79C61v4hhHKn/m+/e3O48s93Pth+/sG2jZu/+eZrmyStHVl84sDq/aUbWvsnbf3j9//L44/t+dkjP3g29o+/FVm+ZK79M239X9l16c6XH1i/oLV/psv5X7zt1eEt5e//qf38d/R9/ieufer21zak97dPAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXFimqiMTldGx8UwSQtKlptZBnMvm07TcR983bjn69m27f/qT5rFSH/sAAAAAvcUcPpv9i6EU8iEfBqdz/zOVjWu3HT62NQzNzCb1e25yyz3bPrNpy/a77jhPnxwAAACYq5j/c42RoVDILQ0D9fw/unn7umPXHcjM5P9aIVblNt05uXFFaNS9suvSnS8/sH5B4zlBCNM/Cyiervv8bN1NNx4dOvGXby3rWLdqtu7I4hMHVu8v3RDrQnPdytB4PvHEtU/d/tqG9P5Yl2mu++w3t0zWH0/EfQdvfXjP9fsOrcvE5xj1+2B931g3mdk7vua9vdVYl63fi/VzAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABnmqqOTFRGx8ZDNoSkS02tgziXzadpuY++a5b++sFLTj63sHmskOtjIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP+xAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhf36CY2jiuMA/t5uYrbZpE1awaiYplVR6sGiIKIXFRVpRQqeKkWqrT2IgiCi1IOptGKpihfB6qWIHtQoBQUbi6VVUvFf8eJBBYXqQSjFgDYUDypJ3ttuphm3jlFQPx8Y3r43M9/5zbyXyS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8qPV1DM+3hHQ9O3XbeTR8/fs+Jx2559/5tlzz62vcjm274aG/vKycnNq/Y8tWNyzbtv3fN+O4XD/3c//avRzsGPzLbrErdRgjxeAyh8d7kc09MfHLO9FgMIdTjwGgIg3HpocFYSFj9Swhhc6vOuTvfOnHllul2266eOeNLCiHF+wrNeq5n1sDcevlvaaR1tnXq4cvCN9ev3/7Z8jff6B47NnrqkNhoW08hLN7Yfn53CGFR2qbl1TaUT07tuhBCb9t5V3eo68IzrP/ykv75qT0rtc0OOXn/ykK/Vjiu2M+6C21vh+tVEzvWUXSmx3XSV1rJwiirM48Ppvad1K76k/n1vMVQi6GrVf598dQaCW3zFkOcmctGq19rzW1I91/ox0K/VujXuwv3NXPdtNDqMc4dz8cVxvPruCuNr2h/V8/j9pLxc1PbSH+oJ3M/FD/Map72oXVfM3Jdk39Qyz+h1vYOmm+8NfFpMppprBmXnnbOb/PI+ybWP3VxfcP7hwdK6oh7Y8qPlfK3fjrYd+frOx8aKsvfWEv5tUr536498uMdO196oTT/2Zxfr5R/xYHe42s/2LGy9PlM5ufTVSn/rqMfPr387LvHSuvfk/MblfKvGz/S0z914GBp/avz81lUKf/ra2/+7tUv9h0rzQ85v7dS/obxB57pGZ66tDT/YH4+zWrr56exq74cHv5hpCz/85zfXyk/jO6+5uUlu9aUzu+6/HwGKuXfetH+7X1T+y4oe3fGPQv1nxPg/2lZ+o71ZOpX/Z35V7X9Xnh+pGv2O19f2voX8kIF09dZ/DfmAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/swMHJAAAAACC/r9uR6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FQAAAD//5V5MEU=") r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="5500000018007f5f00fe01b2a4a2809302060000fd41fd01020400000a00120002002800000019002d007fffffff0022de1330d54400009b84136ef75afb83de066a5900e1baac968300000000f2ff000001000000", 0x55}], 0x1, 0x0, 0x0, 0x7a000000}, 0x0) 1.875872993s ago: executing program 0 (id=80): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000040)='./file1\x00', 0x208400, &(0x7f0000000500)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c636f6465706167653d69736f383835392d392c747970653d8806e6d92c007c3da50838b213e45c60dfa80dde3ce87abe5e338e4e6a59adcbbcd8c1298ca6754466db1a8a1278dabca7f2fe40cf27dc1fb941304798bf42ba7569909de3630242504efec00c875fa448eb7bdaa7ba31d37ec3e7d64cd77624a0da2b05469cfb6ff12378569cc8b28d1168e0b17c24be8bc7e84cc44764d86c47497b7f98bc4582fe16504124539d5e1c09b9294efa2dd7"], 0x1, 0x2e5, &(0x7f00000001c0)="$eJzs3U9rE08cx/HPbJI27a/0t/0jghelWtBLsepBvEQkV++eRG1SKIaKbQX1YisexQfg3afgg/Ci+AT05MkH0IOwMpPJZtPsbpLSJE19vyBhMzsz+x1mNzvfRRsB+Gfdq/74dPOXfRmpoIKkO1IgqSwVJZ3T+fKL7b2tvUa9ltdRwbWwL6NmS9NVZ2O7ntbUtnMtvNB+KmouWZZkunvGMUVRdPdnXoXC6GLB+JiMmQ6kaX8duv3lEcc1LPvSxXHHMGrJCTaHOtRLzY8xHADAKeDv/4G/Tcy5IqMgkFb9bf9M3f8Pxx3AybrV6CqKchsk7v9udRcZO7//u13tfM8lWnZ/0MoS+wmmdOTzlJpnVscC0/TKKl0swczmVlFrGweqBXqripeotuzea81Tt6VHtCspuWmO7N5Kuj/bHI1bUR7VCmlzq1GfthuJ+FsRLA12xDwzfdUyX8w389CE+qhavP4rRsZOk5up8MhMBSUb//XsHv9zrWwt+YFVKpWgo8qCO8gFfwSvxyjLPXLPhfZDg/04grw43bEX1flYoTm69R6tltJahfGnjFbLHa0K/kxY23jWyH2UMhytIZoP5oFZ0W99VjWx/g9sfKtKXJl5X/XG1fRnRnM8U+k1i65m2HXnaF8ul+IIvOmBxwYp62lZhvd6otua3331+mmh0ajv2I3HKRvP53aMLym9k1LrDH+joJw62m+XRNabKOq352iYwV870Q7t90dcYi+ftMr2KotLglFP06Ru/BmwVfWr8k7IydmIIilj19C+p3CK7JrWpLuPxT4XkTg77LrLNPM/t5L3qzqXoNi3MGednp9kqqPH9TiD61wKLrr32YEyuP6OeCMjZ3Q51+Wr0pVEoVHuEUMf5xlhqvquRzz/BwAAAAAAAAAAAAAAAAAAmDTJf/R/MKT/aTDuMQIAAAAAAAAAAAAAAAAAAAAAMOmO9fu/aX8j3v3+bziS3/8FcDL+BgAA//9Id3lt") chdir(&(0x7f0000000140)='./file0\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) rmdir(&(0x7f0000000040)='./control\x00') 1.875187839s ago: executing program 1 (id=81): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newqdisc={0x4b8, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x444, 0x2, [@TCA_CHOKE_MAX_P={0x8}, @TCA_CHOKE_STAB={0x104, 0x2, "c2b4d3d4fbf227c49e3735732a5592488fc38c72709de710a0ca0b56c85df8eef8dc38f3b05899d8ea0556566d0370cedf3feb5a43c0b926616662c54e5a587b70152172ddb3159d939c3f8b5a8b54b30be0aea5aea49a9920d438b420a6223b80ec63f5f0c7400ed3e88abef640cfea8b7ec50d8194edf75ffc0d611b18958d910a97b31fab6d1270dda4353b6a7a8de79be87f70a5ae4ef874f66afce30a20a7bf5c4aaf31d629b362cacc6af1fd30cfe1c17ae8508b4e07a1f0bb60db7fd8477f27ae9f3003f09c95142c83f5a14c57ecb53de7b2fb5351127d72fb8af968fad8df7dae5ae7bfc376a12035a0f5633195055b33576aa2d5e41925872f536b"}, @TCA_CHOKE_STAB={0x104, 0x2, "a104fc1073ec124b95cf8e1978213f258ec090bde5b09eabcf283dccf5a8539473308011e38b77af64c074ef99c6933469e8d1dab3871cb1b896ccd3c45691144127734063b3a4710b3b76ae9a59fbf6f1f898b194472b82ff7b962b7a25dd5ebe35325d84d2ff9d0acb3f6050fdbd4e0c603b647bf1b790df4e9295159ef210827375a795dcc354f4f40ce019b29ade5705afaeec296213e4217c4ae4f84e5d656101097f4ddb7cdbe322a205a37c13dc3992c3591939cdd7d85828af161edabd54032ec6482129eb5b1f5e7568672adf4c12899d961469a2cc69b8d2a17d21fe9bd1ff27bef634025c5a0d3e43cb0c726295e8b28ac615986502c5d1a541e0"}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_STAB={0x104, 0x2, "089c170cedfe88408826e2caee96e7043211a997953811b791d27e6185701e3aecd8d5571871e9d53bf6ef343ec509157ebecdc73872f3453b08777d151ec5d022f88892e77e3a9ab52a266f16fcc8461893cce38be6c5c451b99ae82458569e65a944031639b961644adfdeafbbf6f2d37e20d67a9bbcf048c40810a2503eb5e8297750cb1a72913cfc0bc816dbc2b8a5bc6f19f5c0d42c6253a488f7e579277cae223090e86f1eeb4b9b7aeec45170b6c83e97cd6ef80b691c2f3b49ec865be0a4b29e135924a9c5e918b4806a1aa9bc0c29b9dbd870e46617387cf5a1eeee63ef956435743661a0e66964a1d090c97bfe3eaf9991ab281ff13d43fc30c2da"}, @TCA_CHOKE_STAB={0x104, 0x2, "e613bc7a95a89d4f8ffeb1f0ab7f1e7f9a24149d912fae0ad79df8a4dd017e0aeb6a18ee301a1c3cf1fe436aea993fe42939ef9a613f7a3bb7afd8bac4b8300aa4d98234f97c91b4f14a47d6e7501cb1971f872ac479e23b299615501befec21293f42702ac773ebebb3039b548689ae61f7400d34d2a3c7d70c8518ff2d7f4a6bdc71261bf5c3cd889ae078d5b62d1b7c1089d787a4f9fd64bd483982f62f5298867b8d7260cf3da2d792cdfceee4eb9ee4336cc4654ae4b0e51f3069761a8181a9003098dd15563f2e8221d39daf2a24d083df4cb6dcc528e7ffd8352c3d6e5997f1dd4d145ba3b4c00930763263a421219afce637ead8b9d60fdb101290ce"}]}}, @TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}, {{0x1c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32}}, {0x4}}]}]}, 0x4b8}}, 0x0) 1.82132059s ago: executing program 5 (id=82): mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000007b000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_enter\x00', r0}, 0x10) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)) 1.62487359s ago: executing program 4 (id=83): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='sys_enter\x00', r0}, 0x10) r1 = landlock_create_ruleset(&(0x7f0000006f80)={0x0, 0x3}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(r1, 0x2, &(0x7f0000000100)={0x1}, 0x0) 1.57739076s ago: executing program 5 (id=84): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce22000000000000000000000000000000007fffffff0001000000000071273fa79d93014b8e3381b6"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 1.564208859s ago: executing program 0 (id=85): r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x70bd2c, 0x25dfdbff, {0xa, 0x80, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_FLAGS={0x8, 0x8, 0x69c}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) 1.351588059s ago: executing program 0 (id=86): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x1) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x19) 1.351427166s ago: executing program 1 (id=88): syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x200000, &(0x7f0000000400)={[{@uid}, {}, {@iocharset={'iocharset', 0x3d, 'cp775'}}, {@dir_umask={'dir_umask', 0x3d, 0x1ff}}, {@codepage={'codepage', 0x3d, 'cp950'}}, {@file_umask={'file_umask', 0x3d, 0x9}}, {@part={'part', 0x3d, 0x2}}, {@creator={'creator', 0x3d, "8c10b081"}}]}, 0x4, 0x363, &(0x7f0000000a00)="$eJzs3U9r1EwcB/DvJPv3aemTp+1DxZtVwVPZ1oMigiK9+QY8SLG2KZTGCm0FFcXqwZOIN0Hw6M2z6FvQi/gG9NRD8aSXUqSR+WWyyW4n2d3+SVv6/UC3aTKT+c1M/sys7gZEdGxdm/z+7vya/lFlAC6AS4ADoAaUAPyPkdq9xZX5lcCfzduRKzn0j0KUU21LM7Po27LqfJLD8PRfJfSn19H+CMMw/NEx1a9CYqGDo6JzfxsHqJqzU7bXCo9sR1a7SFAtJpRDJNXDagMb9h4nIqLjxNz/HXOX6Dfjd8cBzppx+FG6/8fSM4iWu90G8Ojf4uM5NOT+fx8D0uN6HqB0+0iLqGS+J1M43YZOPEu07ct6TIRJc1cQHVktHaAss8qWEZnE4tTn5gN/bFV28AxXjFSyYXmdRVwRkRVtJfo1apmb5sire74+qUNZ16GcEf9QzyV+Wsdre3FTXyqdY1Kf1Vc1pTy8wSwGzMpSqHTjSHYPqJvVcZvOB34je49SS09q2WipZXL2/SeFnIx74OP7pJb1rHatwdWx2Oi9qPbxu4kAeJXRCrJ6sPWiYHpnPLt2kmvImmui+femNddwe676XDnwx2buBrlvpewZ6/hevVQ31Ch+4gMmm/2vu9rVl/qMM7P9LFeSMmqFRm59SpIyox9byMF2p6czk7D5J4z0lMvDC9zGRQwsP3i4MB0E/lJhC/pqYd0UnyoFx5O1EB2I5nDUa/TvVBrU9EIZwJ4VuhWGoXVTyd5ivS1U4lCzYi5LVS+8bVZZLrPmrZTdlY7VqA1Tm65mJ04um1J3o8dCJfuTZi59t+gl+++odN3v1jQqiXCpsr8HZFzUdBCcaHaci2pXZ0p9B4Vef7wwHezoakRHzPLzU+aag5Gb65cPOhwqnh53qWj+l5qvNOSqo1+8nNlIx1FHao/jGTOgQXn9J5ltKPP+fc6cqy97BtcXLwT+RN6c6/Q54ExqpS7NQVzi0/bdeiZOHMZ/lazawqrn5VCT+IZbqfE/EREREREREREREREREREREREREREdCcl/+vd2+XGCLfM5JPsnMRJrx/CLN4iIiIiIiIiIiIiIiIiIiIiIiIiIiIiIdif1/F/AlSfGVPb8+b/xF3t3+/xft4vn/6qOj/gkog7+BgAA//8YCmF2") syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) getdents64(r0, &(0x7f00000001c0)=""/202, 0xff4) 1.351318842s ago: executing program 4 (id=89): r0 = socket$inet(0xa, 0x801, 0x84) sendto$inet(r0, &(0x7f0000000080)='w', 0x34000, 0x0, &(0x7f00000000c0)={0x2, 0x0, @rand_addr=0x64010102}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 1.067099644s ago: executing program 4 (id=90): r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000180)='mand\x00', 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) 593.056416ms ago: executing program 4 (id=91): setitimer(0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0xea60}}, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003d000b08d25a80648c7494f90224fc600b0002400c000400040082c137153e3719ac018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 592.358554ms ago: executing program 1 (id=92): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r2, 0x0, 0x0, 0x0, {@ip4=@multicast1, 0x86dd}}}]}, 0x38}}, 0x0) 591.485744ms ago: executing program 5 (id=103): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000007300)=[{{&(0x7f00000003c0)={0xa, 0x0, 0x0, @private0}, 0x1c, &(0x7f0000000400)=[{&(0x7f0000000480)="7f", 0x1}], 0x1}}], 0x1, 0x0) listen(r0, 0x1) accept(r0, 0xfffffffffffffffd, 0x0) 496.083617ms ago: executing program 2 (id=93): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="5300000002"], 0x8) 425.86833ms ago: executing program 1 (id=94): syz_mount_image$xfs(&(0x7f0000009800), &(0x7f0000009840)='./bus\x00', 0x0, &(0x7f0000000080)={[{@ikeep}, {@pquota}]}, 0x1, 0x9867, &(0x7f00000130c0)="$eJzs3QeUJHWheP/ZZckZEwZkyZjIGQNBQQQBQSQpQbJEASWpgAgCooBEQRFQJIkgSSTnnHPOOecc/mfZXV3XC0//v3ce73nvPWe2u6ura6q/n6qaaWroXmGRZRcaGJhkYHgjL//eoS9/8ugtXl5op2OvP+KlRQ9f/OgRk8cafjFk6IjLqUZcTj0wMDBoxHIGDZ82eMiJJw0eGGdgYPCoy51g3PEHTTAwsOaImwuMuJx7+MWE14yc763R4hUdthqDdh3+NfybDgwMjDvsyjMDMy8/6nJGrNcs//REpa2w4KKL/N3qb27Dxm/IiOujfo01/GvCywYGJrx0gLePQe/tM3r7+0+y9wUrrvQer8f/iVZYcNHFRvMfti+OMWLa3MP28dH3QWOjb+dD575j5DFoEB44/4+0woKLLDHwzsf5gVXePGizt94+bg4eb2Bg8PgDA4MnGBgYPOHAwOCJBgYGT/xeu9T/W+/pxldVVVXvSQsuNPtCw17vjfb7wDgjf6+l3wtXfmOpOwYGBsYcPs/guUa+Fqyqqqqqqqqq/50tuNDsC8Pr/0ne7fX/Cae+OmOv/6uqqqqqqqr+77TYggvNPux1/Giv/yd/t9f/2z3w4gYj/vZ/7uGPevO9fRJVVVVVVVVV9a4t89W3X/+PP9rr/6Hv9vr/4fl3eXDEfCP/u8Eboyxy0Ch/T/DaKNPHGGX+V0eZPmSU6aPOP9bAwOAhI6a//vfJg8cbdt8/zz94kmHrPWL6K6NMn+Xv/3/zkGlHmT7rKNOnH2X6bCPWddj0GUaZPuco88/4r4xtVVVVVVVVVVVVVVVVVVXV/1RvPnHqmX9/z/ePD4zy/u1/ex/3EX8XMOi4s6+++j1b0f8dDfrnv4fY7r1ep//XhjmPc9TQgYGNlnuvV6Xeg97rz2uo97b83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/cO5z//9v7/09x+Joj/5/5uQ/dfcqJRn3seqNcH+d/dK3fs/5Tz/8PrDdoYGCE7yTDXJdccJmvzzgwMDDRlLsfOsfA3+6bZ9h98082xog3SBj+NgjTDeEFbzfiU9G3GzHriGUc9/byF3vrkDEGjbYSozTpyYcdtu4KL80x+uX07/w8Bo+88oFLtlx45HtZDB5tpnfaTkcuf+RzGd15xLrPOGzdZ958w01m3myrrT+z3oarr7PWOmttNO/cc88z59xzzTvbzGuvt8Faswz/953GbOjb/07zr4zZ5KOP2RMLjjpmoz+3dxqzoe8+Zm8vcey9Vl1/5JiNvmr/1ZhN8+5jNnS9Ed9oyNAxB1Z7e2wGDQwMmXbMgS2H3Zh17IGBIdONmHfyYfN+drLBAwN7/P2JDrs29t+2wUHbDZtnhUWWXejvH7v/zx+//w6fZz/W8IshI4ZkyFQjLqce/m0mGfj7pjh4yIknDR723P9hmCcYd/xBEwwMrDni5gIjLucdce+VI+d7h89ZH21F336blV2Hf/3NY9xhV45ZeuKbRl3OOxD8d/T/6+f/P3nNM+hvAzVoxNeIeYZ7LbjoYn//Xm8PwwIj3xNm2M+WYSb/Dx9j/1/2T+s7dJy33+T2ndb3Xd4Xd/jzh+1r+sfOG/rf9b64fOxY4u1/h/4rx46Bdz92jPH3q3+futYVU4x+7Fj8nVfxH/aLkWM09mgzvdOxY8b9F9z27WPTux87llhvxAcN/f3YMXhgYMg0I48dww4k0485sMewG7MNuzHDmANHDLsx+9s3xh04e9iNmdbYeIM1B739tj0jljvLsOUuMNmgt5/81TMvePQYe7/11rQj1mWW0Q6sI7aPoaP+fFxwsuHDNvKxtNy7Nx9+3/Qjljvrv7HckY+l5c6z6fD7Zhix3NlGW+4Y77LckY8duT8Mm/Xt/WHGQf/wh5+w/y4y2v47aORhfZSHjPwaa/jXhJeN/Gwo2F/+reMO7b+TvMv6vsvnWuH2NmzaDktecep/1+da0fqO8+7r+06fw/2O67v+uFsu9d+wvoNGWd9/2M42mW/4tjLjiO1szn9j+x352NGPY2O+fe9whhn/lePYAv90HNt+jMGjrfwovdPvQGvC/MOvT/63pc175BgTjxz7MUdb7n/1O9CM734cm2S90R63yMEDg2jMH378sHXH/i/GfMyBf/xdfeSYj3zsu435DP885oP+acznefcx/1d/75xxmuH3j/EuYz54582WHDnmY/2bYz7DvzvmCwyMQWO+xwHDx+3djqfvNOYjH/uPYz5k4EsDAwPTjhjz6f+V7XyW/57tfDyYf/j1B/426ZIpzthtlGPMoH9nzKf/d8d86N+282nfvm/qwQNjjTWw5eqbb77prMP/HXlztuH/8rHo6fuHj/O7/Sx9J6ORj323/WLaf8Vo6H+P0UeG/PP8I190jLy93NnHTPr/91g07b9nNGiRAT4WnXLR8HF7t9+L3mnMRz6Wfg4OHeXxo7+ue5f3o8TnNGzafvvvc/vIRY54WO9H+a/3D5vtyP/Gt97oB/n6T63//u8uf3f5u8vfXf7i3uH8/9/e///hSZZ9bMSL5DH3nG+dNd7r9X2P+48+/z/C9x/O/6+xznx7DnspOOK+dz0/O3ye/5XnZ+cefjHhNSPnG/38IK/oO5+fnWGvmZYZ+J85P/v/q5H76r/wOr7jv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/cO5z/H/k3ykMPfOP+7UacCB1z333WeOO9Xt/3uP/o8/8jfP/h/P8ba+yz7+CBv933ruf/h8/jOP+/1IF7nzTwv/j8/8h9tfP/9V+Uv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/mLe4fz/wuM/DuAuVZde9eRfw+w0axf2PG9Xt/3uP/U8/99/r+3jv/u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/cSPO/w+M9rGOS7ddYHD+//927+D/tfwxi/8y+WMW/2Xzxyz+X88fs/gvlz9m8f9G/pjFf/n8MYv/CvljFv8V88cs/ivlj1n8V84fs/h/M3/M4v+t/DGL/yr5Yxb/VfPHLP6r5Y9Z/FfPH7P4fzt/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvH/Tv6YxX/9/DGL/wb5Yxb/DfPHLP4b5Y9Z/DfOH7P4b5I/ZvH/bv6YxX/T/DGL/2b5Yxb/zfPHLP7fyx+z+H8/f8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+2+SPWfx/kD9m8f9h/pjF/0f5Yxb/bfPHLP7b5Y9Z/LfPH7P4/zh/zOK/Q/6Yxf8n+WMW/x3zxyz+O+WPWfx/mj9m8d85f8ziv0v+mMV/1/wxi//P8scs/rvlj1n8f54/ZvH/Rf6YxX/3/DGL/x75Yxb/PfPHLP6/zB+z+O+VP2bx3zt/zOK/T/6YxX/f/DGL/375Yxb//fPHLP6/yh+z+B+QP2bxPzB/zOL/6/wxi/9v8scs/gflj1n8f5s/ZvE/OH/M4n9I/pjF/9D8MYv/7/LHLP6/zx+z+B+WP2bx/0P+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+P8xf8zif0z+mMX/T/ljFv9j88cs/sflj1n8/5w/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/n/JH7P4n5I/ZvH/a/6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf/a/DGL/3X5Yxb/6/PHLP435I9Z/G/MH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+z+L+VPybxHzSQP2bxH5Q/ZvEfnD9m8R8jf8ziPyR/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvGfIH/M4j9h/pjFf6L8MYv/xPljFv9J8scs/pPmj1n8J8sfs/i/L3/M4v/+/DGL/wfyxyz+H8wfs/h/KH/M4j95/pjF/8P5Yxb/j+SPWfw/mj9m8f9Y/pjFf4r8MYv/x/PHLP5T5o9Z/Ifmj1n8p8ofs/hPnT9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfw/kT9m8f9k/tigQwcGDP6fyh+z7P+fzh+z+H8mf8ziP1P+mMV/5vwxi/8s+WMW/1nzxyz+s+WPWfxnzx+z+M+RP2bxnzN/zOI/V/6YxX/u/DGL/zz5Yxb/efPHLP7z5Y9Z/OfPH7P4fzZ/zOL/ufwxi//n88cs/l/IH7P4L5A/ZvFfMH/M4r9Q/pjFf+H8MYv/F/PHLP5fyh+z+C+SP2bxXzR/zOL/5fwxi/9i+WMW/6/kj1n8F88fs/gvkT9m8f9q/pjFf8n8MYv/UvljFv+l88cs/l/LH7P4L5M/ZvFfNn/M4v/1/DGL/3L5Yxb/b+SPWfyXzx+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/zfzxyz+38ofs/ivkj9m8V81f8ziv1r+mMV/9fwxi/+388cs/mvkj1n818wfs/ivlT9m8V87f8ziv07+mMV/3fwxi/96+WMW/+/kj1n8188fs/hvkD9m8d8wf8ziv1H+mMV/4/wxi/8m+WMW/+/mj1n8N80fs/hvlj9m8d88f8zi/738MYv/9/PHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjF/wf5Yxb/H+aPWfx/lD9m8d82f8ziv13+2JgDDv/t88cs+/+P88cs/jvkj1n8f5I/ZvHfMX/M4r9T/pjF/6f5Yxb/nfPHLP675I9Z/HfNH7P4/yx/zOK/W/6Yxf/n+WMW/1/kj1n8d88fs/jvkT9m8d8zf8zi/8v8MYv/XvljFv+988cs/vvkj1n8980fs/jvlz9m8d8/f8zi/6v8MYv/AfljFv8D88cs/r/OH7P4/yZ/zOJ/UP6Yxf+3+WMW/4Pzxyz+h+SPWfwPzR+z+P8uf8zi//v8MYv/YfljFv8/5I9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/H/PHLP7H5I9Z/P+UP2bxPzZ/zOJ/XP6Yxf/P+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOL/l/wxi/8p+WMW/7/mj1n8T80fs/iflj9m8T89f8zif0b+mMX/TK//GO92p8X/LK//u2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfs/i/lT8m8X/7av7/nMV/UP6YxX9w/pjFf4z8MYv/kPwxi/+Y+WMW/7Hyxyz+Y+ePWfzHyR+z+I+bP2bxHy9/zOI/fv6YxX+C/DGL/4T5Yxb/ifLHLP4T549Z/CfJH7P4T5o/ZvGfLH/M4v++/DGL//vzxyz+H8gfs/h/MH/M4v+h/DGL/+T5Yxb/D+ePWfw/kj9m8f9o/pjF/2P5Yxb/KfLHLP4fzx+z+E+ZP2bxH5o/ZvGfKn/M4j91/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8f9E/pjF/5P5Yxb/T+WPWfw/nT9m8f9M/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8Z8sfs/jPnj9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aP/cf6j/uP/vPlj/3H+o+2/8+fP2bx/2z+mMX/c/ljFv/P549Z/L+QP2bxXyB/zOK/YP6YxX+h/DGL/8L5Yxb/L+aPWfy/lD9m8V8kf8ziv2j+mMX/y/ljFv/F8scs/l/JH7P4L54/ZvFfIn/M4v/V/DGL/5L5Yxb/pfLHLP5L549Z/L+WP2bxXyZ/zOK/bP6Yxf/r+WMW/+Xyxyz+38gfs/gvnz9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/2/mj1n8v5U/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv9vv+0/znu1Vv9rs/iv0f6PWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/7+SPWfzXzx+z+G+QP2bx3zB/zOK/Uf6YxX/j/DGL/yb5Yxb/7+aPWfw3zR+z+G+WP2bx3zx/zOL/vfwxi//388cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMX/B/ljFv8f5o9Z/H+UP2bx3zZ/zOK/Xf6YxX/7/DGL/4/zxyz+O+SPWfx/kj9m8d8xf8ziv1P+mMX/p/ljFv+d88cs/rvkj1n8d80fs/j/LH/M4r9b/pjF/+f5Yxb/X+SPWfx3zx+z+O+RP2bx3zN/zOL/y/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOL/q/wxi/8B+WMW/wPzxyz+v84fs/j/Jn/M4n9Q/pjF/7f5Yxb/g/PHLP6H5I9Z/A/NH7P4/y5/zOL/+/wxi/9h+WMW/z/kj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8f88cs/sfkj1n8/5Q/ZvE/Nn/M4n9c/pjF/8/5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4v+X/DGL/yn5Yxb/v+aPWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf/M/DGL/1n5Yxb/s/PHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF/8L8MYv/RfljFv+L88cs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/6vzxyz+1+SPWfyvzR+z+F+XP2bxvz5/zOJ/Q/6Yxf/G/DGL/035Yxb/m/PHLP635I9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/878MYv/XfljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8zi/0D+mMX/wfwxi/9D+WMW/4fzxyz+j+SPWfwfzR+z+D+WP2bxfzx/zOL/RP6Yxf/J/DGL/1P5Yxb/p/PHLP7P5I9Z/J/NH7P4P5c/ZvF/Pn/M4v9C/pjF/8X8MYv/S/ljFv+X88cs/q/kj1n8X80fs/i/lj9m8X89f8zi/0b+mMX/zfwxi/9b+WMS/zEG8scs/oPyxyz+g/PHLP5j5I9Z/Ifkj1n8x8wfs/iPlT9m8R87f8ziP07+mMV/3Pwxi/94+WMW//Hzxyz+E+SPWfwnzB+z+E+UP2bxnzh/zOI/Sf6YxX/S/DGL/2T5Yxb/9+WPWfzfnz9m8f9A/pjF/4P5Yxb/D+WPWfwnzx+z+H84f8zi/5H8MYv/R/PHLP4fyx+z+E+RP2bx/3j+mMV/yvwxi//Q/DGL/1T5Yxb/qfPHLP7T5I9Z/KfNH7P4T5c/ZvGfPn/M4j9D/pjFf8b8MYv/J/LHLP6fzB+z+H8qf8zi/+n8MYv/Z/LHLP4z5Y9Z/GfOH7P4z5I/ZvGfNX/M4j9b/pjFf/b8MYv/HPljFv8588cs/nPlj1n8584fs/jPkz9m8Z83f8ziP1/+mMV//vwxi/9n88cs/p/LH7P4fz5/zOL/hfwxi/8C+WMW/wXzxyz+C+WPWfwXzh+z+H8xf8zi/6X8MYv/IvljFv9F88cs/l/OH7P4L5Y/ZvH/Sv6YxX/x/DGL/xL5Yxb/r+aPWfyXzB+z+C+VP2bxXzp/zOL/tfwxi/8y+WMW/2Xzxyz+X88fs/gvlz9m8f9G/pjFf/n8MYv/CvljFv8V88cs/ivlj1n8V84fs/h/M3/M4v+t/DGL/yr5Yxb/VfPHLP6r5Y9Z/FfPH7P4fzt/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvH/Tv6YxX/9/DGL/wb5Yxb/DfPHLP4b5Y9Z/DfOH7P4b5I/ZvH/bv6YxX/T/DGL/2b5Yxb/zfPHLP7fyx+z+H8/f8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+2+SPWfx/kD9m8f9h/pjF/0f5Yxb/bfPHLP7b5Y9Z/LfPH7P4/zh/zOK/Q/6Yxf8n+WMW/x3zxyz+O+WPWfx/mj9m8d85f8ziv0v+mMV/1/wxi//P8scs/rvlj1n8f54/ZvH/Rf6YxX/3/DGL/x75Yxb/PfPHLP6/zB+z+O+VP2bx3zt/zOK/T/6YxX/f/DGL/375Yxb//fPHLP6/yh+z+B+QP2bxPzB/zOL/6/wxi/9v8scs/gflj1n8f5s/ZvE/OH/M4n9I/pjF/9D8MYv/7/LHLP6/zx+z+B+WP2bx/0P+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+P8xf8zif0z+mMX/T/ljFv9j88cs/sflj1n8/5w/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/n/JH7P4n5I/ZvH/a/6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/M/MH7P4n5U/ZvE/O3/M4n9O/pjF/9z8MYv/efljFv/z88cs/hfkj1n8L8wfs/hflD9m8b84f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf/a/DGL/3X5Yxb/6/PHLP435I9Z/G/MH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGL/2P5Yxb/x/PHLP5P5I9Z/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+z+L+VPybxHzKQP2bxH5Q/ZvEfnD9m8R8jf8ziPyR/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvGfIH/M4j9h/pjFf6L8MYv/xPljFv9J8scs/pPmj1n8J8sfs/i/L3/M4v/+/DGL/wfyxyz+H8wfs/h/KH/M4j95/pjF/8P5Yxb/j+SPWfw/mj9m8f9Y/pjFf4r8MYv/x/PHLP5T5o9Z/Ifmj1n8p8ofs/hPnT9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfw/kT9m8f9k/pjF/1P5Yxb/T+ePWfw/kz9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/9nyxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/+fLHLP7z549Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/BfIH7P4L5g/ZvFfKH/M4r9w/pjF/4v5Yxb/L+WPWfwXyR+z+C+aP2bx/3L+mMV/sfwxi/9X8scs/ovnj1n8l8gfs/h/NX/M4r9k/pjFf6n8MYv/0vljFv+v5Y9Z/JfJH7P4L5s/ZvH/ev6YxX+5/DGL/zfyxyz+y+ePWfxXyB+z+K+YP2bxXyl/zOK/cv6Yxf+b+WMW/2/lj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMX/2/ljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi/938scs/uvnj1n8N8gfs/hvmD9m8d8of8ziv3H+mMV/k/wxi/9388cs/pvmj1n8N8sfs/hvnj9m8f9e/pjF//v5Yxb/LfLHLP5b5o9Z/LfKH7P4b50/ZvHfJn/M4v+D/DGL/w/zxyz+P8ofs/hvmz9m8d8uf8ziv33+mMX/x/ljFv8d8scs/j/JH7P475g/ZvHfKX/M4v/T/DGL/875Yxb/XfLHLP675o9Z/H+WP2bx3y1/zOL/8/wxi/8v8scs/rvnj1n898gfs/jvmT9m8f9l/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8f9V/pjF/4D8MYv/gfljFv9f549Z/H+TP2bxPyh/zOL/2/wxi//B+WMW/0Pyxyz+h+aPWfx/lz9m8f99/pjF/7D8MYv/H/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/4/5Yxb/Y/LHLP5/yh+z+B+bP2bxPy5/zOL/5/wxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bx/0v+mMX/lPwxi/9f88cs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYn/mAP5Yxb/QfljFv/B+WMW/zHyxyz+Q/LHLP5j5o9Z/MfKH7P4j50/ZvEfJ3/M4j9u/pjFf7z8MYv/+PljFv8J8scs/hPmj1n8J8ofs/hPnD9m8Z8kf8ziP2n+mMV/svwxi//78scs/u/PH7P4fyB/zOL/wfwxi/+H8scs/pPnj1n8P5w/ZvH/SP6Yxf+j+WMW/4/lj1n8p8gfs/h/PH/M4j9l/pjFf2j+mMV/qvwxi//U+WMW/2nyxyz+0+aPWfynyx+z+E+fP2bxnyF/zOI/Y/6Yxf8T+WMW/0/mj1n8P5U/ZvH/dP6Yxf8z+WMW/5nyxyz+M+ePWfxnyR+z+M+aP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvGfL3/M4j9//pjF/7P5Yxb/z+WPWfw/nz9m8f9C/pjFf4H8MYv/gvljFv+F8scs/gvnj1n8v5g/ZvH/Uv6YxX+R/DGL/6L5Yxb/L+ePWfwXyx+z+H8lf8ziv3j+mMV/ifwxi/9X88cs/kvmj1n8l8ofs/gvnT9m8f9a/pjFf5n8MYv/svljFv+v549Z/JfLH7P4fyN/zOK/fP6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/L+ZP2bx/1b+mMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfy/nT9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+H8nf8ziv37+mMV/g/wxi/+G+WMW/43yxyz+G+ePWfw3yR+z+H/3nfyH/A+t1//SLP6btv9jFv/N8scs/pvnj1n8v5c/ZvH/fv6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4/yB/zOL/w/wxi/+P8scs/tvmj1n8t8sfs/hvnz9m8f9x/pjFf4f8MYv/T/LHLP475o9Z/HfKH7P4/zR/zOK/c/6YxX+X/DGL/675Yxb/n+WPWfx3yx+z+P88f8zi/4v8MYv/7vljFv898scs/nvmj1n8f5k/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8f5U/ZvE/IH/M4n9g/pjF/9f5Yxb/3+SPWfwPyh+z+P82f8zif3D+mMX/kPwxi/+h+WMW/9/lj1n8f58/ZvE/LH/M4v+H/DGL/+H5Yxb/I/LHLP5H5o9Z/I/KH7P4H50/ZvH/Y/6Yxf+Y/DGL/5/yxyz+x+aPWfyPyx+z+P85f8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfz/kj9m8T8lf8zi/9f8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvG/Kn/M4n91/pjF/5r8MYv/tfljFv/r8scs/tfnj1n8b8gfs/jfmD9m8b8pf8zif3P+mMX/lvwxi/+t+WMW/9vyxyz+t+ePWfzvyB+z+N+ZP2bxvyt/zOJ/d/6Yxf+e/DGL/735Yxb/+/LHLP73549Z/B/IH7P4P5g/ZvF/KH/M4v9w/pjF/5H8MYv/o/ljFv/H8scs/o/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHLP6v549Z/N/IH7P4v5k/ZvF/K39M4j/WQP6YxX9Q/pjFf3D+mMV/jPwxi/+Q/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/hPmj9m8Z8sf8zi/778MYv/+/PHLP4fyB+z+H8wf8zi/6H8MYv/5PljFv8P549Z/D+SP2bx/2j+mMX/Y/ljFv8p8scs/h/PH7P4T5k/ZvEfmj9m8Z8qf8ziP3X+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/0T+mMX/k/ljFv9P5Y9Z/D+dP2bx/0z+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+M+eP2bxnyN/zOI/Z/6YxX+u/DGL/9z5Yxb/efLHLP7z5o9Z/OfLH7P4z58/ZvH/bP6Yxf9z+WMW/8/nj1n8v5A/ZvFfIH/M4r9g/pjFf6H8MYv/wvljFv8v5o9Z/L+UP2bxXyR/zOK/aP6Yxf/L+WMW/8Xyxyz+X8kfs/gvnj9m8V8if8zi/9X8MYv/kvljFv+l8scs/kvnj1n8v5Y/ZvFfJn/M4r9s/pjF/+v5Yxb/5fLHLP7fyB+z+C+fP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/b+aPWfy/lT9m8V8lf8ziv2r+mMV/tfwxi//q+WMW/2/nj1n818gfs/ivmT9m8V8rf8ziv3b+mMV/nfwxi/+6+WMW//Xyxyz+38kfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi//G+WMW/03yxyz+380fs/hvmj9m8d8sf8ziv3n+mMX/e/ljFv/v549Z/LfIH7P4b5k/ZvHfKn/M4r91/pjFf5v8MYv/D/LHLP4/zB+z+P8of8ziv23+mMV/u/wxi//2+WMW/x/nj1n8d8gfs/j/JH/M4r9j/pjFf6f8MYv/T/PHLP47549Z/HfJH7P475o/ZvH/Wf6YxX+3/DGL/8/zxyz+v8gfs/jvnj9m8d8jf8ziv2f+mMX/l/ljFv+98scs/nvnj1n898kfs/jvmz9m8d8vf8ziv3/+mMX/V/ljFv8D8scs/gfmj1n8f50/ZvH/Tf6Yxf+g/DGL/2/zxyz+B+ePWfwPyR+z+B+aP2bx/13+mMX/9/ljFv/D8scs/n/IH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv8/5o9Z/I/JH7P4/yl/zOJ/bP6Yxf+4/DGL/5/zxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf8v+WMW/1Pyxyz+f80fs/ifmj9m8T8tf8zif3r+mMX/jPwxi/+Z+WMW/7Pyxyz+Z+ePWfzPyR+z+J+bP2bxPy9/zOJ/fv6Yxf+C/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv+r8scs/lfnj1n8r8kfs/hfmz9m8b8uf8zif33+mMX/hvwxi/+N+WMW/5vyxyz+N+ePWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf+O/DGL/535Yxb/u/LHLP53549Z/O/JH7P435s/ZvG/L3/M4n9//pjF/4H8MYv/g/ljFv+H8scs/g/nj1n8H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549Z/F/JH7P4v5o/ZvF/LX/M4v96/pjF/438MYv/m/ljFv+38sck/mMP5I9Z/Aflj1n8B+ePWfzHyB+z+A/JH7P4j5k/ZvEfK3/M4j92/pjFf5z8MYv/uPljFv/x8scs/uPnj1n8J8gfs/hPmD9m8Z8of8ziP3H+mMV/kvwxi/+k+WMW/8nyxyz+78sfs/i/P3/M4v+B/DGL/wfzxyz+H8ofs/hPnj9m8f9w/pjF/yP5Yxb/j+aPWfw/lj9m8Z8if8zi//H8MYv/lPljFv+h+WMW/6nyxyz+U+ePWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/4z5Yxb/T+SPWfw/mT9m8f9U/pjF/9P5Yxb/z+SPWfxnyh+z+M+cP2bxnyV/zOI/a/6YxX+2/DGL/+z5Yxb/OfLHLP5z5o9Z/OfKH7P4z50/ZvGfJ3/M4j9v/pjFf778MYv//PljFv/P5o9Z/D+XP2bx/3z+mMX/C/ljFv8F8scs/gvmj1n8F8ofs/gvnD9m8f9i/pjF/0v5Yxb/RfLHLP6L5o9Z/L+cP2bxXyx/zOL/lfwxi//i+WMW/yXyxyz+X80fs/gvmT9m8V8qf8ziv3T+mMX/a/ljFv9l8scs/svmj1n8v54/ZvFfLn/M4v+N/DGL//L5Yxb/FfLHLP4r5o9Z/FfKH7P4r5w/ZvH/Zv6Yxf9b+WMW/1Xyxyz+q+aPWfxXyx+z+K+eP2bx/3b+mMV/jfwxi/+a+WMW/7Xyxyz+a+ePWfzXyR+z+K+bP2bxXy9/zOL/nfwxi//6+WMW/w3yxyz+G+aPWfw3yh+z+G+cP2bx3yR/zOL/3fwxi/+m+WMW/83yxyz+m+ePWfy/lz9m8f9+/pjFf4v8MYv/lvljFv+t8scs/lvnj1n8t8kfs/j/IH/M4v/D/DGL/4/yxyz+2+aPWfy3yx+z+G+fP2bx/3H+mMV/h/wxi/9P8scs/jvmj1n8d8ofs/j/NH/M4r9z/pjFf5f8MYv/rvljFv+f5Y9Z/HfLH7P4/zx/zOL/i/wxi//u+WMW/z3yxyz+e+aPWfx/mT9m8d8rf8ziv3f+mMV/n/wxi/+++WMW//3yxyz+++ePWfx/lT9m8T8gf8zif2D+mMX/1/ljFv/f5I9Z/A/KH7P4/zZ/zOJ/cP6Yxf+Q/DGL/6H5Yxb/3+WPWfx/nz9m8T8sf8zi/4f8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8f9j/pjF/5j8MYv/n/LHLP7H5o9Z/I/LH7P4/zl/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/P+SP2bxPyV/zOL/1/wxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf0ziP85A/pjFf1D+mMV/cP6YxX+M/DGL/5D8MYv/mPljFv+x8scs/mPnj1n8x8kfs/iPmz9m8R8vf8ziP37+mMV/gvwxi/+E+WMW/4nyxyz+E+ePWfwnyR+z+E+aP2bxnyx/zOL/vvwxi//788cs/h/IH7P4fzB/zOL/ofwxi//k+WMW/w/nj1n8P5I/ZvH/aP6Yxf9j+WMW/ynyxyz+H88fs/hPmT9m8R+aP2bxnyp/zOI/df6YxX+a/DGL/7T5Yxb/6fLHLP7T549Z/GfIH7P4z5g/ZvH/RP6Yxf+T+WMW/0/lj1n8P50/ZvH/TP6YxX+m/DGL/8z5Yxb/WfLHLP6z5o9Z/GfLH7P4z54/ZvGfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n858sfs/jPnz9m8f9s/pjF/3P5Yxb/z+ePWfy/kD9m8V8gf8ziv2D+mMV/ofwxi//C+WMW/y/mj1n8v5Q/ZvFfJH/M4r9o/pjF/8v5Yxb/xfLHLP5fyR+z+C+eP2bxXyJ/zOL/1fwxi/+S+WMW/6Xy/8fGHn5h8V86f8zi/7X8MYv/MvljFv9l88cs/l/PH7P4L5c/ZvH/Rv6YxX/5/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4fzN/zOL/rfwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+H87f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bx/07+mMV//fwxi/8G+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bx/27+mMV/0/wxi/9m+WMW/83zxyz+38sfs/h/P3/M4r9F/pjFf8v8MYv/VvljFv+t88cs/tvkj1n8f5A/ZvH/Yf6Yxf9H+WMW/23zxyz+2+WPWfy3zx+z+P84f8ziv0P+mMX/J/ljFv8d88cs/jvlj1n8f5o/ZvHfOX/M4r9L/pjFf9f8MYv/z/LHLP675Y9Z/H+eP2bx/0X+mMV/9/wxi/8e+WMW/z3zxyz+v8wfs/jvlT9m8d87f8ziv0/+mMV/3/wxi/9++WMW//3zxyz+v8ofs/gfkD9m8T8wf8zi/+v8MYv/b/LHLP4H5Y9Z/H+bP2bxPzh/zOJ/SP6Yxf/Q/DGL/+/yxyz+v88fs/gflj9m8f9D/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/j/MX/M4n9M/pjF/0/5Yxb/Y/PHLP7H5Y9Z/P+cP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP5/yR+z+J+SP2bx/2v+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/788cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfs/i/lT8m8R93IH/M4j8of8ziPzh/zOI/Rv6YxX9I/qM0zt+uWfzHzB+z+I+VP2bxHzt/zOI/Tv6YxX/c/DGL/3j5Yxb/8fPHLP4T5I9Z/CfMH7P4T5Q/ZvGfOH/M4j9J/pjFf9L8MYv/ZPljFv/35Y9Z/N+fP2bx/0D+mMX/g/ljFv8P5Y9Z/CfPH7P4fzh/zOL/kfwxi/9H88cs/h/LH7P4T5E/ZvH/eP6YxX/K/DGL/9D8MYv/VPljFv+p88cs/tPkj1n8p80fs/hPlz9m8Z8+f8ziP0P+mMV/xvwxi/8n8scs/p/MH7P4fyp/zOL/6fwxi/9n8scs/jPlj1n8Z84fs/jPkj9m8Z81f8ziP1v+mMV/9vwxi/8c+WMW/znzxyz+c+WPWfznzh+z+M+TP2bxnzd/zOI/X/6YxX/+/DGL/2fzxyz+n8sfs/h/Pn/M4v+F/DGL/wI+/xe2+Rdmsvgv6PP/l7L4L5Q/ZvFfOH/M4v/F/DGL/5fyxyz+i+SPWfwXzR+z+H85f8ziv1j+mMX/K/ljFv/F88cs/kvkj1n8v5o/ZvFfMn/M4r9U/pjFf+n8MYv/1/LHLP7L5I9Z/JfNH7P4fz1/zOK/XP6Yxf8b+WMW/+Xzxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOL/zfwxi/+38scs/qvkj1n8V80fs/ivlj9m8V89f8zi/+38MYv/GvljFv8188cs/mvlj1n8184fs/ivkz9m8V83f8ziv17+mMX/O/ljFv/188cs/hvkj1n8N8wfs/hvlD9m8d84f8ziv0n+mMX/u/ljFv9N88cs/pvlj1n8N88fs/h/L3/M4v/9/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvH/Qf6Yxf+H+WMW/x/lj1n8t80fs/hvlz9m8d8+f8zi/+P8MYv/DvljFv+f5I9Z/HfMH7P475Q/ZvH/af6YxX/n/DGL/y75Yxb/XfPHLP4/yx+z+O+WP2bx/3n+mMX/F/ljFv/d88cs/nvkj1n898wfs/j/Mn/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/j/Kn/M4n9A/pjF/8D8MYv/r/PHLP6/yR+z+B+UP2bx/23+mMX/4Pwxi/8h+WMW/0Pzxyz+v8sfs/j/Pn/M4n9Y/pjF/w/5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4v/H/DGL/zH5Yxb/P+WPWfyPzR+z+B+XP2bx/3P+mMX/+Pwxi/8J+WMW/xPzxyz+J+WPWfxPzh+z+P8lf8zif0r+mMX/r/ljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F8wwn+M92q9/pdm8b+w/R+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHLP5v5I9Z/N/MH7P4v5U/JvEfbyB/zOI/KH/M4j84f8ziP0b+mMV/SP6YxX/M/DGL/1j5Yxb/sfPHLP7j5I9Z/MfNH7P4j5c/ZvEfP3/M4j9B/pjFf8L8MYv/RPljFv+J88cs/pPkj1n8J80fs/hPlj9m8X+f0X/wfz2Lxf/9Rv9/IYv/B/LHLP4fzB+z+H8of8ziP3n+mMX/w/ljFv+P5I9Z/D+aP2bx/1j+mMV/ivwxi//H88cs/lPmj1n8h+aPWfynyh+z+E+dP2bxnyZ/zOI/bf6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/D+RP2bx/2T+mMX/U/ljFv9P549Z/D+TP2bxnyl/zOI/c/6YxX+W/DGL/6z5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8P5s/ZvH/XP6Yxf/z+WMW/y/kj1n8F8gfs/gvmD9m8V8of8ziv3D+mMX/i/ljFv8v5Y9Z/BfJH7P4L5o/ZvH/cv6YxX+x/DGL/1fyxyz+i+ePWfyXyB+z+H81f8ziv2T+mMV/qfwxi//S+WMW/6/lj1n8l8kfs/gvmz8m8R8Y2C5/SuI/3nLt/5jF/xv5Yxb/5fPHLP4r5I9Z/FfMH7P4r5Q/ZvFfOX/M4v/N/DGL/7fyxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOL/7fwxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOK/Xv6Yxf87+WMW//Xzxyz+G+SPWfw3zB+z+G+UP2bx3zh/zOK/Sf6Yxf+7+WMW/03zxyz+m+WPWfw3zx+z+H8vf8zi//38MYv/FvljFv8t88cs/lvlj1n8t84fs/hvkz9m8f9B/pjF/4f5Yxb/H+WPWfy3zR+z+G+XP2bx3z5/zOL/4/wxi/8O+WMW/5/kj1n8d8wfs/jvlD9m8f9p/pjFf+f8MYv/LvljFv9d88cs/j/LH7P475Y/ZvH/ef6Yxf8X+WMW/93zxyz+e+SPWfz3zB+z+P8yf8ziv1f+mMV/7/wxi/8++WMW/33zxyz+++WPWfz3zx+z+P8qf8zif0D+mMX/wPwxi/+v88cs/r/JH7P4H5Q/ZvH/bf6Yxf/g/DGL/yH5Yxb/Q/PHLP6/yx+z+P8+f8zif1j+mMX/D/ljFv/D88cs/kfkj1n8j8wfs/gflT9m8T86f8zi/8f8MYv/MfljFv8/5Y9Z/I/NH7P4H5c/ZvH/c/6Yxf/4/DGL/wn5Yxb/E/PHLP4n5Y9Z/E/OH7P4/yV/zOJ/Sv6Yxf+v+WMW/1Pzxyz+p+WPWfxPzx+z+J+RP2bxPzN/zOJ/Vv6Yxf/s/DGL/zn5Yxb/c/PHLP7n5Y9Z/M/PH7P4X5A/ZvG/MH/M4n9R/pjF/+L8MYv/JfljFv9L88cs/pflj1n8L88fs/hfkT9m8b8yf8zif1X+mMX/6vwxi/81+WMW/2vzxyz+1+WPWfyvzx+z+N+QP2bxvzF/zOJ/U/6Yxf/m/DGL/y35Yxb/W/PHLP635Y9Z/G/PH7P435E/ZvG/M3/M4n9X/pjF/+78MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8X8wf8zi/1D+mMX/4fwxi/8j+WMW/0fzxyz+j+WPWfwfzx+z+D+RP2bxfzJ/zOL/VP6Yxf/p/DGL/zP5Yxb/Z/PHLP7P5Y9Z/J/PH7P4v5A/ZvF/MX/M4v9S/pjF/+X8MYv/K/ljFv9X88cs/q/lj1n8X88fs/i/kT9m8X8zf8zi/1b+mMR//AGT/1j/+qwW/0Em/38ji//g/DGL/xj5Yxb/IfljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMV//Pwxi/8E+WMW/wnzxyz+E+WPWfwnzh+z+E+SP2bxnzR/zOI/Wf6Yxf99+WMW//fnj1n8P5A/ZvH/YP6Yxf9D+WMW/8nzxyz+H84fs/h/JH/M4v/R/DGL/8fyxyz+U+Q/an8bCov/x/PHLP5T5o9Z/Ifmj1n8p8ofs/hPnT9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfw/kT9m8f9k/pjF/1P5Yxb/T+ePWfw/kz9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/9nyxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/+fLHLP7z549Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/BfIH7P4L5g/ZvFfKH/M4r9w/pjF/4v5Yxb/L+WPWfwXyR+z+C+aP2bx/3L+mMV/sfwxi/9X8scs/ovnj1n8l8gfs/h/NX/M4r9k/pjFf6n8MYv/0vljFv+v5Y9Z/JfJH7P4L5s/ZvH/ev6YxX+5/DGL/zfyxyz+y+ePWfxXyB+z+K+YP2bxXyl/zOK/cv6Yxf+b+WMW/2/lj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMX/2/ljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi/938scs/uvnj1n8N8gfs/hvmD9m8d8of8ziv3H+mMV/k/wxi/9388cs/pvmj1n8N8sfs/hvnj9m8f9e/pjF//v5Yxb/LfLHLP5b5o9Z/LfKH7P4b50/ZvHfJn/M4v+D/DGL/w/zxyz+P8ofs/hvmz9m8d8uf8ziv33+mMX/x/ljFv8d8scs/j/JH7P475g/ZvHfKX/M4v/T/DGL/875Yxb/XfLHLP675o9Z/H+WP2bx3y1/zOL/8/wxi/8v8scs/rvnj1n898gfs/jvmT9m8f9l/pjFf6/8MYv/3vljFv998scs/vvmj1n898sfs/jvnz9m8f9V/pjF/4D8MYv/gfljFv9f549Z/H+TP2bxPyh/zOL/2/wxi//B+WMW/0Pyxyz+h+aPWfx/lz9m8f99/pjF/7D8MYv/H/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/4/5Yxb/Y/LHLP5/yh+z+B+bP2bxPy5/zOL/5/wxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bx/0v+mMX/lPwxi/9f88cs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4v9g/pjF/6H8MYv/w/ljFv9H8scs/o/mj1n8H8sfs/g/nj9m8X8if8zi/2T+mMX/qfwxi//T+WMW/2fyxyz+z+aPWfyfyx+z+D+fP2bxfyF/zOL/Yv6Yxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/ZvF/I3/M4v9m/pjF/638MYn/BAP5Yxb/QfljFv/B+WMW/zHyxyz+Q/LHLP5j5o9Z/MfKH7P4j50/ZvEfJ3/M4j9u/pjFf7z8MYv/+PljFv8J8scs/hPmj1n8J8ofs/hPnD9m8Z8kf8ziP2n+mMV/svwxi//78scs/u/PH7P4fyB/zOL/wfwxi/+H8scs/pPnj1n8P5w/ZvH/SP6Yxf+j+WMW/4/lj1n8p8gfs/h/PH/M4j9l/pjFf2j+mMV/qvwxi//U+WMW/2nyxyz+0+aPWfynyx+z+E+fP2bxnyF/zOI/Y/6Yxf8T+WMW/0/mj1n8P5U/ZvH/dP6Yxf8z+WMW/5nyxyz+M+ePWfxnyR+z+M+aP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvGfL3/M4j9//pjF/7P5Yxb/z+WPWfw/nz9m8f9C/pjFf4H8MYv/gvljFv+F8scs/gvnj1n8v5g/ZvH/Uv6YxX+R/DGL/6L5Yxb/L+ePWfwXyx+z+H8lf8ziv3j+mMV/ifwxi/9X88cs/kvmj1n8l8ofs/gvnT9m8f9a/pjFf5n8MYv/svljFv+v549Z/JfLH7P4fyN/zOK/fP6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/L+ZP2bx/1b+mMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfy/nT9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+H8nf8ziv37+mMV/g/wxi/+G+WMW/43yxyz+G+ePWfw3yR+z+H83f8ziv2n+mMV/s/wxi//m+WMW/+/lj1n8v58/ZvHfIn/M4r9l/pjFf6v8MYv/1vljFv9t8scs/j/IH7P4/zB/zOL/o/wxi/+2+WMW/+3yxyz+2+ePWfx/nD9m8d8hf8zi/5P8MYv/jvljFv+d8scs/j/NH7P475w/ZvHfJX/M4r9r/pjF/2f5Yxb/3fLHLP4/zx+z+P8if8ziv3v+mMV/j/wxi/+e+WMW/1/mj1n898ofs/jvnT9m8d8nf8ziv2/+mMV/v/wxi//++WMW/1/lj1n8D8gfs/gfmD9m8f91/pjF/zf5Yxb/g/LHLP6/zR+z+B+cP2bxPyR/zOJ/aP6Yxf93+WMW/9/nj1n8D8sfs/j/IX/M4n94/pjF/4j8MYv/kfljFv+j8scs/kfnj1n8/5g/ZvE/Jn/M4v+n/DGL/7H5Yxb/4/LHLP5/zh+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/v+SPWfxPyR+z+P81f8zif2r+mMX/tPwxi//p+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/hfnT9m8b8mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYv/6/ljFv838scs/m/mj1n838ofk/hPOJA/ZvEflD9m8R+cP2bxHyN/zOI/JH/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+k+aPWfwnyx+z+L8vf8zi//78MYv/B/LHLP4fzB+z+H8of8ziP3n+mMX/w/ljFv+P5I9Z/D+aP2bx/1j+mMV/ivwxi//H88cs/lPmj1n8h+aPWfynyh+z+E+dP2bxnyZ/zOI/bf6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/D+RP2bx/2T+mMX/U/ljFv9P549Z/D+TP2bxnyl/zOI/c/6YxX+W/DGL/6z5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8P5s/ZvH/XP6Yxf/z+WMW/y/kj1n8F8gfs/gvmD9m8V8of8ziv3D+mMX/i/ljFv8v5Y9Z/BfJH7P4L5o/ZvH/cv6YxX+x/DGL/1fyxyz+i+ePWfyXyB+z+H81f8ziv2T+mMV/qfwxi//S+WMW/6/lj1n8l8kfs/gvmz9m8f96/pjFf7n8MYv/N/LHLP7L549Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjF/5v5Yxb/b+WPWfxXyR+z+K+aP2bxXy1/zOK/ev6Yxf/b+WMW/zXyxyz+a+aPWfzXyh+z+K+dP2bxXyd/zOK/bv6YxX+9/DGL/3fyxyz+6+ePWfw3yB+z+G+YP2bx3yh/zOK/cf6YxX+T/DGL/3fzxyz+m+aPWfw3yx+z+G+eP2bx/17+mMX/+/ljFv8t8scs/lvmj1n8t8ofs/hvnT9m8d8mf8zi/4P8MYv/D/PHLP4/yh+z+G+bP2bx3y5/zOK/ff6Yxf/H+WMW/x3yxyz+P8kfs/jvmD9m8d8pf8zi/9P8MYv/zvljFv9d8scs/rvmj1n8f5Y/ZvHfLX/M4v/z/DGL/y/yxyz+u+ePWfz3yB+z+O+ZP2bx/2X+mMV/r/wxi//e+WMW/33yxyz+++aPWfz3yx+z+O+fP2bx/1X+mMX/gPwxi/+B+WMW/1/nj1n8f5M/ZvE/KH/M4v/b/DGL/8H5Y/+J/oMGBrYbGM3/kPyx/0R/2v8PzR+z+P8uf8zi//v8MYv/YfljFv8/5I9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/H/PHLP7H5I9Z/P+UP2bxPzZ/zOJ/XP6Yxf/P+WMW/+Pzxyz+J+SPWfxPzB+z+J+UP2bxPzl/zOL/l/wxi/8p+WMW/7/mj1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/ZvF/PX/M4v9G/pjF/838MYv/W/ljEv+JBvLHLP6D8scs/oPV/lO+4z0W/zHU/u+cxX9I/pjFf8z8MYv/WPljFv+x88cs/uPkj1n8x80fs/iPlz9m8R8/f8ziP0H+mMV/wvwxi/9E+WMW/4nzxyz+k+SPWfwnzR+z+E+WP2bxf1/+mMX//fljFv8P5I9Z/D+YP2bx/1D+mMV/8vwxi/+H88cs/h/JH7P4fzR/zOL/sfwxi/8U+WMW/4/nj1n8p8wfs/gPzR+z+E+VP2bxnzp/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/GfMH7P4fyJ/zOL/yfwxi/+n8scs/p/OH7P4fyZ/zOI/U/6YxX/m/DGL/yz5Yxb/WfPHLP6z5Y9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/h/Nn/M4v+5/DGL/+fzxyz+X8gfs/gvkD9m8V8wf8ziv1D+mMV/4fwxi/8X88cs/l/KH7P4L5I/ZvFfNH/M4v/l/DGL/2L5Yxb/r+SPWfwXzx+z+C+RP2bx/2r+mMV/yfwxi/9S+WMW/6Xzxyz+X8sfs/gvkz9m8V82f8zi//X8MYv/cvljFv9v5I9Z/JfPH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/N/PHLP7fyh+z+K+SP2bxXzV/zOK/Wv6YxX/1/DGL/7fzxyz+a+SPWfzXzB+z+K+VP2bxXzt/zOK/Tv6YxX/d/DGL/3r5Yxb/7+SPWfzXzx+z+G+QP2bx3zB/zOK/Uf6YxX/j/DGL/yb5Yxb/7+aPWfw3zR+z+G+WP2bx3zx/zOL/vfwxi//388cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMX/B/ljFv8f5o9Z/H+UP2bx3zZ/zOK/Xf6YxX/7/DGL/4/zxyz+O+SPWfx/kj9m8d8xf8ziv1P+mMX/p/ljFv+d88cs/rvkj1n8d80fs/j/LH/M4r9b/pjF/+f5Yxb/X+SPWfx3zx+z+O+RP2bx3zN/zOL/y/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOL/q/wxi/8B+WMW/wPzxyz+v84fs/j/Jn/M4n9Q/pjF/7f5Yxb/g/PHLP6H5I9Z/A/NH7P4/y5/zOL/+/wxi/9h+WMW/z/kj1n8D88fs/gfkT82mv/x/6n+R+aPWfb/o/LHLP5H549Z/P+YP2bxPyZ/zOL/p/wxi/+x+WMW/+Pyxyz+f84fs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/7/kj1n8T8kfs/j/NX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+F+aPWfwvyh+z+F+cP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/JH/M4v9o/pjF/7H8MYv/4/ljFv8n8scs/k/mj1n8n8ofs/g/nT9m8X8mf8zi/2z+mMX/ufwxi//z+WMW/xfyxyz+L+aPWfxfyh+z+L+cP2bxfyV/zOL/av6Yxf+1/DGL/+v5Yxb/N/LHLP5v5o9Z/N/KH5P4TzyQP2bxH5Q/ZvEfnD9m8R8jf8ziPyR/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLH/j927j7c67q+4/gX+KCICjpXCw0jEEVTQVCRzBu01CNwtBtLSVBSvJmgTCnQlZLdWFs5y1WurTRvUmdq4ay5hqOcc7poVlTbbIzNHGuFy3LiVsmuA+cQ5/TuXJ4v33296v14/ME5v9/p/Ut5XlcvfofrlKX/DvqHsvQfrn8oS/8d9Q9l6b+T/qEs/XfWP5Sl/wj9Q1n6j9Q/lKX/LvqHsvTfVf9Qlv6/oX8oS//d9A9l6f+b+oey9H+R/qEs/V+sfyhL/9/SP5Sl/0v0D2XpP0r/UJb+u+sfytJ/D/1DWfq/VP9Qlv6j9Q9l6b+n/qEs/V+mfyhL/zH6h7L0f7n+oSz9x+ofytJ/nP6hLP330j+Upf94/UNZ+u+tfyhL/330D2XpP0H/UJb+++ofytJ/P/1DWfq/Qv9Qlv776x/K0v8A/UNZ+h+ofyhL/4n6h7L0n6R/KEv/g/QPZek/Wf9Qlv5T9A9l6X+w/qEs/Q/RP5Sl/6H6h7L0n6p/KEv/w/QPZek/Tf9Qlv6v1D+Upf/h+oey9H+V/qEs/Y/QP5Sl/5H6h7L0P0r/UJb+R+sfytJ/uv6hLP2P0T+Upf+x+oey9H+1/qEs/V+jfyhL/+P0D2Xpf7z+oSz9T9A/lKV/h/6hLP1P1D+Upf8M/UNZ+s/UP5Sl/yz9Q1n6d+ofytL/JP1DWfqfrH8oS//X6h/K0v91+oey9H+9/qEs/d+gfyhL/1P0D2Xp/0b9Q1n6v0n/UJb+p+ofytL/NP1DWfrP1j+Upf+b9Q9l6X+6/qEs/efoH8rSf67+oSz9z9A/lKX/mfqHsvSfp38oS/+36B/K0v8s/UNZ+p+tfyhL//n6h7L0P0f/UJb+5+ofytL/PP1DWfqfr38oS//f1j+Upf8F+oey9F+gfyhL/4X6h7L0v1D/UJb+F+kfytJ/kf6hLP1/R/9Qlv4X6x/K0v8S/UNZ+i/WP5Sl/1v1D2Xp/zb9Q1n6L9E/lKX/Uv1DWfpfqn8oS//L9A9l6f+7+oey9H+7/qEs/d+hfyhL/8v1D2Xpf4X+oSz9l+kfytL/nfqHsvS/Uv9Qlv7v0j+Upf+79Q9l6f8e/UNZ+r9X/1CW/lfpH8rS/336h7L0f7/+oSz9f0//UJb+v69/KEv/D+gfytL/g/qHsvS/Wv9Qlv5/oH8oS/9r9A9l6f8h/UNZ+n9Y/1CW/tfqH8rS/w/1D2Xp/xH9Q1n6f1T/UJb+H9M/lKX/dfqHsvT/I/1DWfp/XP9Qlv5/rH8oS/8/0T+Upf8n9A9l6f9J/UNZ+l+vfyhL/xv0D2Xp/yn9Q1n636h/KEv/m/QPZel/s/6hLP1v0T+Upf+n9Q9l6X+r/qEs/W/TP5Sl/+36h7L0/1P9Q1n636F/KEv/z+gfytL/Tv1DWfrfpX8oS/+79Q9l6f9Z/UNZ+n9O/1CW/sv1D2Xpf4/+oSz9/0z/UJb+9+ofytL/8/qHsvT/gv6hLP3/XP9Qlv736R/K0v8v9A9l6f9F/UNZ+v+l/qEs/VfoH8rS/379Q1n6/5X+oSz9V+ofytL/S/qHsvT/sv6hLP0f0D+Upf9f6x/K0v9B/UNZ+v+N/qEs/R/SP5Sl/9/qH8rS/2H9Q1n6P6J/KEv/v9M/lKX/V/QPZem/Sv9Qlv5f1T+Upf/f6x/K0v9R/UNZ+n9N/1CW/l/XP5Sl/zf0D2Xpv1r/UJb+39Q/lKX/t/QPZen/bf1DWfr/g/6hLP3/Uf9Qlv7/pH8oS//H9A9l6f8d/UNZ+v+z/qEs/dfoH8rS/1/0D2Xpv1b/UJb+/6p/KEv/f9M/lKX/4/qHsvT/rv6hLP2f0D+Upf+/6x/K0n+d/qEs/f9D/1CW/t/TP5Sl/3/qH8rS//v6h7L0/4H+oSz91+sfytL/Sf1DWfr/l/6hLP1/qH8oS/+n9A9l6f8j/UNZ+v9Y/1CW/k/rH8rS/7/1D2Xp/4z+oSz9N+gfytL/Wf1DWfr/j/6hLP3/V/9Qlv4/0T+Upf9P9Q9l6f8z/UNZ+j+nfyhL/436h5L036XSP5Sl/yD9Q1n6D9Y/lKX/EP1DWfoX/UNZ+g/VP5Sl/3b6h7L0317/UJb+w/QPZem/g/6hLP2H6x/K0n9H/UNZ+u+kfyhL/531D2XpP0L/UJb+I/UP/dr1BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACqqqNz+vohg3o9NWTrB6NXzd/08eANp553yy2f37XnY/eXZwQvOXjrBxs3btw4+OnqK90Pt6+qquu/bZfux8P6Hne9/hXTr5uw+VEZc+Oz+92x5Nlj3nv36ts2HH/rjDuGbnp2aHXmOecvmD9pcFWVcUOrpV0PDhpUVWXvodU1XQ8mdz3YZ2h1W9eDKZse7FCt7Hpw4FkXLTi764kJtX/PAOBXXUfnsmpIr8Wuev1pYOv9v2L6Pct6Pvbzkj2vVqru/b9v+W5v6/O1Hr9k/3tev7y87/4P+F8QAPgFA9v/B8b0fOznJX/h/f+sCz+6OvraL9//ntcvY+0/ADQv+P5/r43u+33/Pt//j/4csOX+gjOu3b5r/2/dcMri7qfK8/n+/89fv4zru/+De33/f1BVlb16vv+/fVWV8dv42wEAKXR0vnN9f+//+9//snufm0Fb7/+ud648pWv/1wy/+8XdTw0d4P7v1d/7/+P6/LMCAM9PR+enNvZ5/z+A/a/2Dl5yy/4fu/ThF3Xt/9fWfHfMVl8byP6P77v/ExcvXDTxkksvO+D8hfPOnX/u/AunTZ162CFTD502eeKm7whs/nUbf1MA4Nfctr3/r4b3uRlUVU9suf/AitEPd+3/5I+fcF73U8MGuP979/v+f4z3/wDQy9jB1XbbVUvnLV588UGbf+15OHnzr5v/Y8H+D+Dv/8f1/BBdz88MDqqql2y577zkfYO79v+mcbuv6H5quwHu/z797v/RvX9WEQB4frbx/f/ZfW567f/IIbdP69r/E8fve1X3UwP9+/8J/e7/Dd7/A0AdHZ3V/+ub6K79v3Knn11f77rs6+f/AKB5bez/k6PfNbbeddnP/gNA89rY//lH7XxvvevyCvsPAM1rY/8f6rh2Tr3rsr/9B4DmtbH/My8Y/Ui963KA/QeA5rWx/2MuO2tJvetyoP0HgOa1sf93nLp+bb3rMtH+A0Dz2tj/04etearedZlk/wGgeW3s/7f3O/mcetflIPsPAM1rY/+/ePiBj9W7LpPtPwA0r439nzTqhpn1rssU+w8AzWtj/z980ZE317suB9t/AGheG/s/atZnp9S7LofYfwBoXhv7/9bTv3p1vetyqP0HgOa1sf/PXX70qHrXZar9B4DmtbH/Kx/ac3a963KY/QeA5rWx/zOeuGZVvesyzf4DQPPa2P99nn5yUb3r8kr7DwDNa2P/P/OtM9fVuy6H238AaF4b+z/ihudG1rsur7L/ANC8Nvb/PVcuuq7edTnC/gNA89rY/+9dO2J8vetypP0HgOa1sf9v+dyy5fWuy1H2HwCa18b+f/3xKTPqXZej7T8ANK+N/T/tSyu+U++6TLf/ANC8Nvb/kEcfmFfvuhxj/wGgeW3s//0/mvVMvetyrP0HgOa1sf8vffc39qx3XV5t/wGgeW3s/8c+Pef99a7La+w/ADSvjf3/yRfGHVzvuhxn/wGgeW3s/6KP3HlTvetyvP0HgOa1sf+d+/94bb3rcoL9B4DmtbH/D454x5J616XD/gNA89rY/9tfNuSRetflRPsPAM1rY//HHvHBOfWuywz7DwDNa2P/l83Y7d5612Wm/QeA5rWx/zue/4mx9a7LLPsPAM1rY//PXfr49fWuS6f9B4DmtbH/P5i9cFi963KS/QeA5rWx/3sMnzuq3nU52f4DQPPa2P9rJjx6db3r8lr7DwDNa2P/fzrtrin1rsvr7D8ANK+N/V+yx5ib612X19t/AGheG/v/zYX3z6x3Xd5g/wGgeW3s/9yTJj1W77qcYv8BoHlt7P/kuZ3n1Lsub7T/ANC8Nvb/vrevfKredXmT/QeA5rWx/1c9+Mnl9a7LqfYfAJrXxv7vtG6X8fWuy2n2HwCa18b+n/nMhdfVuy6z7T8ANK+N/f/+6rUj612XN9t/AGheG/vfcePl6+pdl9PtPwA0r439//KyHy6qd13m2H8AaF4b+3/Xh65eVe+6zLX/ANC8NvZ//D3V7HrX5Qz7DwDNu+TSyy6Yt2DB/It94hOf+GTLJy/0/zIBAABN+/kf+l/ofxIAAAAAAAAAAAAAAAAAAADIq43/O7EX+t8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/9iBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAABAkL/1CgMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfAQAA//9MHNIy") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x1b2) renameat2(r0, &(0x7f00000001c0)='./file0\x00', r0, &(0x7f0000000200)='./bus/file0\x00', 0x0) 160.347485ms ago: executing program 5 (id=95): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 99.05µs ago: executing program 3 (id=96): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x400448ca, 0x0) 0s ago: executing program 4 (id=97): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "5a5f0000008a3f00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCMSET(r1, 0x5418, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.179' (ED25519) to the list of known hosts. [ 86.237137][ T5830] cgroup: Unknown subsys name 'net' [ 86.356378][ T5830] cgroup: Unknown subsys name 'cpuset' [ 86.365376][ T5830] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.877282][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.329950][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.342326][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.350161][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.358369][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.366173][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 90.394751][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.402093][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.409928][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.442982][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.459713][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.467005][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.470738][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.474931][ T5856] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.489570][ T5856] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 90.490275][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.510259][ T5856] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.512557][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.533420][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.543715][ T5851] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 90.551331][ T5865] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.552955][ T5856] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 90.565679][ T5862] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 90.593665][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.593748][ T5864] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.631009][ T5863] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.632940][ T5864] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.641648][ T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 90.645869][ T5864] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 90.652757][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.659568][ T5864] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.680308][ T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 90.687566][ T5864] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.688222][ T55] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 90.703342][ T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 90.711485][ T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 90.718922][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.209213][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 91.301661][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 91.353191][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 91.433264][ T5857] chnl_net:caif_netlink_parms(): no params data found [ 91.603859][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 91.718880][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.732862][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.740350][ T5846] bridge_slave_0: entered allmulticast mode [ 91.753496][ T5846] bridge_slave_0: entered promiscuous mode [ 91.761689][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.775519][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.785706][ T5841] bridge_slave_0: entered allmulticast mode [ 91.793109][ T5841] bridge_slave_0: entered promiscuous mode [ 91.817043][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.839730][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.862614][ T5841] bridge_slave_1: entered allmulticast mode [ 91.869856][ T5841] bridge_slave_1: entered promiscuous mode [ 91.896559][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.903890][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.911139][ T5846] bridge_slave_1: entered allmulticast mode [ 91.919054][ T5846] bridge_slave_1: entered promiscuous mode [ 91.955842][ T5855] chnl_net:caif_netlink_parms(): no params data found [ 91.966872][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.980588][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.988603][ T5852] bridge_slave_0: entered allmulticast mode [ 92.003124][ T5852] bridge_slave_0: entered promiscuous mode [ 92.075053][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.085603][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.093738][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.100903][ T5852] bridge_slave_1: entered allmulticast mode [ 92.108759][ T5852] bridge_slave_1: entered promiscuous mode [ 92.156339][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.204227][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.214161][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.221621][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.229457][ T5857] bridge_slave_0: entered allmulticast mode [ 92.236694][ T5857] bridge_slave_0: entered promiscuous mode [ 92.245009][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.252111][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.259361][ T5857] bridge_slave_1: entered allmulticast mode [ 92.266422][ T5857] bridge_slave_1: entered promiscuous mode [ 92.311764][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.340846][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.378808][ T5841] team0: Port device team_slave_0 added [ 92.388417][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.407278][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.414691][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.421929][ T5847] bridge_slave_0: entered allmulticast mode [ 92.429772][ T5847] bridge_slave_0: entered promiscuous mode [ 92.449111][ T5846] team0: Port device team_slave_0 added [ 92.480021][ T5841] team0: Port device team_slave_1 added [ 92.503936][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.511108][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.518967][ T5847] bridge_slave_1: entered allmulticast mode [ 92.526647][ T5847] bridge_slave_1: entered promiscuous mode [ 92.535555][ T5846] team0: Port device team_slave_1 added [ 92.553573][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.566734][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.594652][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.601624][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.628151][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.642816][ T5852] team0: Port device team_slave_0 added [ 92.675395][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.683289][ T5864] Bluetooth: hci2: command tx timeout [ 92.692305][ T5848] Bluetooth: hci0: command tx timeout [ 92.694003][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.697962][ T5864] Bluetooth: hci1: command tx timeout [ 92.705323][ T5855] bridge_slave_0: entered allmulticast mode [ 92.719691][ T5855] bridge_slave_0: entered promiscuous mode [ 92.727421][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.734786][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.761686][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.762397][ T5848] Bluetooth: hci5: command tx timeout [ 92.775593][ T5852] team0: Port device team_slave_1 added [ 92.777723][ T55] Bluetooth: hci4: command tx timeout [ 92.789156][ T5864] Bluetooth: hci3: command tx timeout [ 92.809114][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.821161][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.841780][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.849329][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.856767][ T5855] bridge_slave_1: entered allmulticast mode [ 92.864463][ T5855] bridge_slave_1: entered promiscuous mode [ 92.886021][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.893357][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.920174][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.943990][ T5857] team0: Port device team_slave_0 added [ 92.971282][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.978599][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.005642][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.017950][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.025302][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.051486][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.081084][ T5847] team0: Port device team_slave_0 added [ 93.089970][ T5857] team0: Port device team_slave_1 added [ 93.109682][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.121766][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.131825][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.139259][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.165641][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.195872][ T5847] team0: Port device team_slave_1 added [ 93.248490][ T5846] hsr_slave_0: entered promiscuous mode [ 93.255219][ T5846] hsr_slave_1: entered promiscuous mode [ 93.282694][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.289707][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.316926][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.341310][ T5855] team0: Port device team_slave_0 added [ 93.349740][ T5855] team0: Port device team_slave_1 added [ 93.382580][ T5841] hsr_slave_0: entered promiscuous mode [ 93.389094][ T5841] hsr_slave_1: entered promiscuous mode [ 93.395488][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.403667][ T5841] Cannot create hsr debugfs directory [ 93.409770][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.417114][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.443660][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.513488][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.520488][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.546560][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.576351][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.583504][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.610077][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.628020][ T5852] hsr_slave_0: entered promiscuous mode [ 93.634703][ T5852] hsr_slave_1: entered promiscuous mode [ 93.640979][ T5852] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.649052][ T5852] Cannot create hsr debugfs directory [ 93.659686][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.666958][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.693104][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.736213][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.743517][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.769881][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.840087][ T5847] hsr_slave_0: entered promiscuous mode [ 93.847357][ T5847] hsr_slave_1: entered promiscuous mode [ 93.853863][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.861450][ T5847] Cannot create hsr debugfs directory [ 93.881083][ T5857] hsr_slave_0: entered promiscuous mode [ 93.887844][ T5857] hsr_slave_1: entered promiscuous mode [ 93.924634][ T5857] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.932913][ T5857] Cannot create hsr debugfs directory [ 94.053668][ T5855] hsr_slave_0: entered promiscuous mode [ 94.060363][ T5855] hsr_slave_1: entered promiscuous mode [ 94.067826][ T5855] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.075787][ T5855] Cannot create hsr debugfs directory [ 94.374827][ T5841] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 94.388135][ T5841] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 94.426520][ T5841] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 94.439120][ T5841] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 94.551225][ T5846] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.568160][ T5846] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.578979][ T5846] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.591396][ T5846] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.652408][ T5852] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.664315][ T5852] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.700662][ T5852] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.723331][ T5852] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.770241][ T5864] Bluetooth: hci0: command tx timeout [ 94.776029][ T5848] Bluetooth: hci2: command tx timeout [ 94.781598][ T55] Bluetooth: hci1: command tx timeout [ 94.802620][ T5847] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.815319][ T5847] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.838304][ T5847] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.845779][ T5848] Bluetooth: hci5: command tx timeout [ 94.851232][ T5864] Bluetooth: hci3: command tx timeout [ 94.852474][ T55] Bluetooth: hci4: command tx timeout [ 94.871055][ T5847] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.926459][ T5855] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.957901][ T5855] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.971532][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.996225][ T5855] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.007486][ T5855] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.050621][ T5857] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.078295][ T5857] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.093019][ T5857] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.131711][ T5857] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.165887][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.181112][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.188418][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.238228][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.245452][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.277579][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.309673][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.389414][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.416475][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.440213][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.471507][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.478675][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.489441][ T3474] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.496565][ T3474] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.527164][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.534288][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.550999][ T3474] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.558150][ T3474] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.577914][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.605022][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.624731][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.646308][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.731293][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.738481][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.759318][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.766591][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.789364][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.796558][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.855847][ T1858] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.863059][ T1858] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.901944][ T5852] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 95.917409][ T5852] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.975766][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.987160][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.028760][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.035986][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.064187][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.071368][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.170746][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.520689][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.537396][ T47] cfg80211: failed to load regulatory.db [ 96.721334][ T5852] veth0_vlan: entered promiscuous mode [ 96.843611][ T55] Bluetooth: hci1: command tx timeout [ 96.844766][ T5864] Bluetooth: hci0: command tx timeout [ 96.849083][ T55] Bluetooth: hci2: command tx timeout [ 96.867246][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.894931][ T5852] veth1_vlan: entered promiscuous mode [ 96.918979][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.926545][ T5848] Bluetooth: hci3: command tx timeout [ 96.931989][ T5848] Bluetooth: hci5: command tx timeout [ 96.938124][ T55] Bluetooth: hci4: command tx timeout [ 96.949039][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.014803][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.085830][ T5852] veth0_macvtap: entered promiscuous mode [ 97.118802][ T5847] veth0_vlan: entered promiscuous mode [ 97.144255][ T5841] veth0_vlan: entered promiscuous mode [ 97.199198][ T5855] veth0_vlan: entered promiscuous mode [ 97.217440][ T5852] veth1_macvtap: entered promiscuous mode [ 97.229782][ T5847] veth1_vlan: entered promiscuous mode [ 97.251421][ T5841] veth1_vlan: entered promiscuous mode [ 97.276411][ T5855] veth1_vlan: entered promiscuous mode [ 97.320640][ T5857] veth0_vlan: entered promiscuous mode [ 97.354044][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.381412][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.391637][ T5855] veth0_macvtap: entered promiscuous mode [ 97.402605][ T5857] veth1_vlan: entered promiscuous mode [ 97.420606][ T5847] veth0_macvtap: entered promiscuous mode [ 97.439361][ T5852] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.448771][ T5852] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.458110][ T5852] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.466941][ T5852] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.497556][ T5855] veth1_macvtap: entered promiscuous mode [ 97.519106][ T5841] veth0_macvtap: entered promiscuous mode [ 97.530291][ T5841] veth1_macvtap: entered promiscuous mode [ 97.551901][ T5847] veth1_macvtap: entered promiscuous mode [ 97.583859][ T5846] veth0_vlan: entered promiscuous mode [ 97.601502][ T5855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.613169][ T5855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.625692][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.641581][ T5857] veth0_macvtap: entered promiscuous mode [ 97.656261][ T5857] veth1_macvtap: entered promiscuous mode [ 97.666401][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.677909][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.688200][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.698957][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.710389][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.747151][ T5846] veth1_vlan: entered promiscuous mode [ 97.757475][ T5855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.768309][ T5855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.781815][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.817591][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.828313][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.838405][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.849352][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.859531][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.870086][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.882050][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.900975][ T5855] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.909833][ T5855] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.918716][ T5855] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.927489][ T5855] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.948877][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.959688][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.969860][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.980370][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.991997][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.009663][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.020312][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.030462][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.042318][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.052379][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.062895][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.074781][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.082977][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.093730][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.103863][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.114711][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.125340][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.136174][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.146242][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.157051][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.168582][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.218746][ T5841] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.229482][ T5841] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.238443][ T5841] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.252239][ T5841] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.291997][ T5847] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.304541][ T5847] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.313779][ T5847] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.322572][ T5847] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.335772][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.346455][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.356557][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.368022][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.379541][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.390058][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.400818][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.411745][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.423789][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.433855][ T5846] veth0_macvtap: entered promiscuous mode [ 98.460133][ T5846] veth1_macvtap: entered promiscuous mode [ 98.473130][ T5857] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.481893][ T5857] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.491572][ T5857] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.500788][ T5857] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.533934][ T1858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.545664][ T1858] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.639507][ T1858] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.648853][ T1858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.661797][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.673433][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.684163][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.695095][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.705407][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.716166][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.726248][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.737040][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.747115][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.757759][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.772111][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.816375][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.831437][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.841645][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.856622][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.867753][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.878380][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.888338][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.898871][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.908782][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.919305][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.929287][ T55] Bluetooth: hci1: command tx timeout [ 98.929353][ T5848] Bluetooth: hci0: command tx timeout [ 98.932443][ T5848] Bluetooth: hci2: command tx timeout [ 98.938607][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.959881][ T5846] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.974041][ T5846] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.985289][ T5846] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.994439][ T5846] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.003726][ T55] Bluetooth: hci5: command tx timeout [ 99.003868][ T5864] Bluetooth: hci4: command tx timeout [ 99.009154][ T5848] Bluetooth: hci3: command tx timeout [ 99.058788][ T5852] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.098057][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.112666][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.128870][ T3474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.139919][ T3474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.289191][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.301136][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.346489][ T1858] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.368341][ T1858] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.451858][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.460236][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.507552][ T1858] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.539832][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.547272][ T1858] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.602868][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.702586][ T5959] loop3: detected capacity change from 0 to 256 [ 99.730627][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.749477][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.763839][ T5959] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 99.789964][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.829562][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.857393][ T5959] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 99.893527][ T5959] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 99.901249][ T5959] UDF-fs: Scanning with blocksize 512 failed [ 99.973909][ T5959] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 100.015368][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.062305][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.080194][ T5959] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 100.468258][ T29] audit: type=1326 audit(1729843692.909:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3f317e719 code=0x7ffc0000 [ 100.561669][ T5975] loop1: detected capacity change from 0 to 1024 [ 100.569260][ T29] audit: type=1326 audit(1729843692.929:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3f317e719 code=0x7ffc0000 [ 100.633864][ T5975] ======================================================= [ 100.633864][ T5975] WARNING: The mand mount option has been deprecated and [ 100.633864][ T5975] and is ignored by this kernel. Remove the mand [ 100.633864][ T5975] option from the mount to silence this warning. [ 100.633864][ T5975] ======================================================= [ 100.706048][ T29] audit: type=1326 audit(1729843692.939:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fb3f317e719 code=0x7ffc0000 [ 100.787956][ T5975] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 100.802240][ T29] audit: type=1326 audit(1729843692.949:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb3f317e753 code=0x7ffc0000 [ 100.915216][ T29] audit: type=1326 audit(1729843692.949:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb3f317d1ff code=0x7ffc0000 [ 100.968942][ T5975] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:482: comm syz.1.2: Invalid block bitmap block 0 in block_group 0 [ 101.032443][ T29] audit: type=1326 audit(1729843692.999:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fb3f317e7a7 code=0x7ffc0000 [ 101.085965][ T5975] Quota error (device loop1): write_blk: dquota write failed [ 101.104183][ T5975] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 101.134660][ T29] audit: type=1326 audit(1729843692.999:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb3f317d0b0 code=0x7ffc0000 [ 101.170047][ T5975] EXT4-fs error (device loop1): ext4_acquire_dquot:6877: comm syz.1.2: Failed to acquire dquot type 0 [ 101.263183][ T5975] EXT4-fs error (device loop1): ext4_free_blocks:6588: comm syz.1.2: Freeing blocks not in datazone - block = 0, count = 4096 [ 101.317827][ T29] audit: type=1326 audit(1729843692.999:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5972 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb3f317e31b code=0x7ffc0000 [ 101.385792][ T5975] EXT4-fs error (device loop1): ext4_read_inode_bitmap:138: comm syz.1.2: Invalid inode bitmap blk 0 in block_group 0 [ 101.472541][ T35] EXT4-fs error (device loop1): ext4_release_dquot:6900: comm kworker/u8:2: Failed to release dquot type 0 [ 101.498923][ T5975] EXT4-fs error (device loop1) in ext4_free_inode:360: Corrupt filesystem [ 101.570192][ T5975] EXT4-fs (loop1): 1 orphan inode deleted [ 101.584878][ T5975] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 101.835592][ T5975] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback. [ 102.106116][ T5992] loop5: detected capacity change from 0 to 128 [ 102.145331][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.155899][ T5992] EXT4-fs: Ignoring removed nobh option [ 102.303763][ T5992] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.321511][ T5974] loop2: detected capacity change from 0 to 32768 [ 102.355245][ T5974] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.8 (5974) [ 102.408735][ T5992] ext4 filesystem being mounted at /4/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 102.412460][ T5967] loop0: detected capacity change from 0 to 32768 [ 102.456019][ T5974] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 102.496878][ T5999] loop1: detected capacity change from 0 to 128 [ 102.503817][ T5974] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 102.530192][ T5974] BTRFS info (device loop2): using free-space-tree [ 102.558394][ T5997] loop3: detected capacity change from 0 to 2048 [ 102.688463][ T5992] fscrypt (loop5, inode 12): Unsupported log2_data_unit_size in encryption policy: 133 [ 102.732351][ T5997] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 102.750609][ T5841] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 102.779695][ T5999] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 102.800271][ T6011] tun0: tun_chr_ioctl cmd 1074025675 [ 102.810488][ T6011] tun0: persist disabled [ 102.816250][ T5999] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 102.831748][ T5967] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 102.864386][ T5997] process 'syz.3.20' launched './file1' with NULL argv: empty string added [ 103.040984][ T5967] XFS (loop0): Ending clean mount [ 103.235634][ T5974] BTRFS info (device loop2): rebuilding free space tree [ 103.293252][ T5857] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 103.403237][ T5847] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 103.626881][ T6047] loop5: detected capacity change from 0 to 1024 [ 103.671381][ T5852] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 103.912646][ T5911] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 103.952515][ T6047] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.036590][ T6047] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2862: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 104.122690][ T5911] usb 4-1: Using ep0 maxpacket: 16 [ 104.254451][ T6062] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.519905][ T5911] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 104.532739][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 104.559333][ T5911] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 104.649985][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.684297][ T5841] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.708724][ T5911] usb 4-1: Product: syz [ 104.718491][ T5911] usb 4-1: Manufacturer: syz [ 104.727125][ T5911] usb 4-1: SerialNumber: syz [ 104.770089][ T5911] usb 4-1: config 0 descriptor?? [ 104.914944][ T5911] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 104.966331][ T5911] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 105.116861][ T6073] loop1: detected capacity change from 0 to 256 [ 105.559935][ T6084] warning: `syz.0.41' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 105.816616][ T6077] loop2: detected capacity change from 0 to 40427 [ 105.991819][ T6077] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1fffff [ 106.001437][ T6077] F2FS-fs (loop2): Image doesn't support compression [ 106.008428][ T6077] F2FS-fs (loop2): Image doesn't support compression [ 106.015212][ T6077] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4 [ 106.030385][ T5911] em28xx 4-1:0.0: chip ID is em2874 [ 106.061109][ T6077] F2FS-fs (loop2): invalid crc value [ 106.091319][ T6077] F2FS-fs (loop2): Found nat_bits in checkpoint [ 106.226522][ T6077] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 106.427207][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 106.427234][ T29] audit: type=1800 audit(1729843698.819:25): pid=6077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.40" name="bus" dev="loop2" ino=10 res=0 errno=0 [ 106.453910][ T5908] usb 4-1: USB disconnect, device number 2 [ 106.455861][ T5908] em28xx 4-1:0.0: Disconnecting em28xx [ 106.493121][ T6077] syz.2.40: attempt to access beyond end of device [ 106.493121][ T6077] loop2: rw=2049, sector=77824, nr_sectors = 848 limit=40427 [ 106.567949][ T5908] em28xx 4-1:0.0: Freeing device [ 106.732034][ T6110] loop1: detected capacity change from 0 to 64 [ 106.811516][ T5908] kernel write not supported for file /input/mice (pid: 5908 comm: kworker/1:4) [ 106.822046][ T5852] syz-executor: attempt to access beyond end of device [ 106.822046][ T5852] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 106.877672][ T5852] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 107.325618][ T6122] Bluetooth: MGMT ver 1.23 [ 108.084864][ T6130] loop5: detected capacity change from 0 to 32768 [ 108.322386][ T29] audit: type=1800 audit(1729843700.749:26): pid=6130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.59" name="bus" dev="loop5" ino=7 res=0 errno=0 [ 108.324703][ T6130] ERROR: (device loop5): diAllocAG: ipimap->i_size is wrong [ 108.324703][ T6130] [ 108.402383][ T6130] ERROR: (device loop5): remounting filesystem as read-only [ 108.441176][ T6130] ialloc: diAlloc returned -5! [ 108.459543][ T6139] loop1: detected capacity change from 0 to 64 [ 108.461489][ T6114] loop0: detected capacity change from 0 to 32768 [ 108.493037][ T6114] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.52 (6114) [ 108.520602][ T6114] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 108.551433][ T6114] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 108.571213][ T6114] BTRFS info (device loop0): using free-space-tree [ 108.892675][ T29] audit: type=1800 audit(1729843701.329:27): pid=6114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.52" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 108.959538][ T6161] loop3: detected capacity change from 0 to 64 [ 109.018864][ T5847] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 109.244958][ T5848] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 109.251426][ T5864] Bluetooth: hci6: command 0x1003 tx timeout [ 109.279108][ T6166] netlink: 'syz.5.66': attribute type 1 has an invalid length. [ 109.287076][ T6166] netlink: 'syz.5.66': attribute type 1 has an invalid length. [ 109.296067][ T6166] netlink: 9292 bytes leftover after parsing attributes in process `syz.5.66'. [ 109.305743][ T6166] netlink: 16 bytes leftover after parsing attributes in process `syz.5.66'. [ 109.315832][ T6166] netlink: 8 bytes leftover after parsing attributes in process `syz.5.66'. [ 110.096311][ T6185] netlink: 8 bytes leftover after parsing attributes in process `syz.5.77'. [ 110.105434][ T6185] 8021q: VLANs not supported on ipvlan0 [ 110.154702][ T6141] loop2: detected capacity change from 0 to 32768 [ 110.213794][ T6141] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.63 (6141) [ 110.318599][ T6141] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 110.367690][ T6141] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 110.384983][ T6192] loop0: detected capacity change from 0 to 64 [ 110.498497][ T6141] BTRFS info (device loop2): using free-space-tree [ 110.896735][ T6225] loop1: detected capacity change from 0 to 64 [ 110.986747][ T6225] hfs: request for non-existent node 131072 in B*Tree [ 111.019390][ T6225] hfs: request for non-existent node 131072 in B*Tree [ 111.408425][ T6198] loop3: detected capacity change from 0 to 32768 [ 111.416833][ T6198] bcachefs: bch2_parse_one_mount_opt() Invalid mount option invalid compression typecompression: parse error [ 111.624649][ T5852] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 111.689864][ T6233] netlink: 'syz.4.91': attribute type 1 has an invalid length. [ 111.713258][ T6233] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.91'. [ 112.193789][ T6244] [ 112.196187][ T6244] ====================================================== [ 112.203223][ T6244] WARNING: possible circular locking dependency detected [ 112.210264][ T6244] 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 Not tainted [ 112.217401][ T6244] ------------------------------------------------------ [ 112.224441][ T6244] syz.3.96/6244 is trying to acquire lock: [ 112.230270][ T6244] ffff88807abf0078 (&hdev->lock){+.+.}-{3:3}, at: mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.240639][ T6244] [ 112.240639][ T6244] but task is already holding lock: [ 112.248019][ T6244] ffff88807abf0690 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_dequeue+0x50/0x1f0 [ 112.258579][ T6244] [ 112.258579][ T6244] which lock already depends on the new lock. [ 112.258579][ T6244] [ 112.269002][ T6244] [ 112.269002][ T6244] the existing dependency chain (in reverse order) is: [ 112.278038][ T6244] [ 112.278038][ T6244] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}: [ 112.286626][ T6244] __mutex_lock+0x175/0x9c0 [ 112.291704][ T6244] hci_update_passive_scan+0x206/0x380 [ 112.297757][ T6244] le_conn_complete_evt+0x1ca/0x1d80 [ 112.303624][ T6244] hci_le_conn_complete_evt+0x23c/0x370 [ 112.309751][ T6244] hci_le_meta_evt+0x2e5/0x5d0 [ 112.315099][ T6244] hci_event_packet+0x669/0x1180 [ 112.320616][ T6244] hci_rx_work+0x2c6/0x16c0 [ 112.325709][ T6244] process_one_work+0x9c8/0x1ba0 [ 112.331231][ T6244] worker_thread+0x6c8/0xf00 [ 112.336386][ T6244] kthread+0x2c4/0x3a0 [ 112.341032][ T6244] ret_from_fork+0x48/0x80 [ 112.346010][ T6244] ret_from_fork_asm+0x1a/0x30 [ 112.351366][ T6244] [ 112.351366][ T6244] -> #0 (&hdev->lock){+.+.}-{3:3}: [ 112.358735][ T6244] __lock_acquire+0x250b/0x3ce0 [ 112.364146][ T6244] lock_acquire.part.0+0x11b/0x380 [ 112.369821][ T6244] __mutex_lock+0x175/0x9c0 [ 112.374888][ T6244] mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.381634][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 112.388902][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 112.394701][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 112.400042][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 112.405737][ T6244] mgmt_index_removed+0x145/0x300 [ 112.411333][ T6244] hci_sock_bind+0xc49/0x16f0 [ 112.416596][ T6244] __sys_bind+0x1ee/0x220 [ 112.421516][ T6244] __x64_sys_bind+0x72/0xb0 [ 112.426612][ T6244] do_syscall_64+0xcd/0x250 [ 112.431751][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.438235][ T6244] [ 112.438235][ T6244] other info that might help us debug this: [ 112.438235][ T6244] [ 112.448485][ T6244] Possible unsafe locking scenario: [ 112.448485][ T6244] [ 112.455962][ T6244] CPU0 CPU1 [ 112.461348][ T6244] ---- ---- [ 112.466734][ T6244] lock(&hdev->cmd_sync_work_lock); [ 112.472062][ T6244] lock(&hdev->lock); [ 112.478690][ T6244] lock(&hdev->cmd_sync_work_lock); [ 112.485851][ T6237] loop1: detected capacity change from 0 to 32768 [ 112.486511][ T6244] lock(&hdev->lock); [ 112.486540][ T6244] [ 112.486540][ T6244] *** DEADLOCK *** [ 112.486540][ T6244] [ 112.486551][ T6244] 2 locks held by syz.3.96/6244: [ 112.493739][ T6237] XFS: ikeep mount option is deprecated. [ 112.496986][ T6244] #0: ffff88805a706258 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_bind+0x111/0x16f0 [ 112.526873][ T6244] #1: ffff88807abf0690 (&hdev->cmd_sync_work_lock){+.+.}-{3:3}, at: hci_cmd_sync_dequeue+0x50/0x1f0 [ 112.537885][ T6244] [ 112.537885][ T6244] stack backtrace: [ 112.543781][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 112.554305][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 112.564393][ T6244] Call Trace: [ 112.567693][ T6244] [ 112.570657][ T6244] dump_stack_lvl+0x116/0x1f0 [ 112.571382][ T6237] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 112.575363][ T6244] print_circular_bug+0x41c/0x610 [ 112.589035][ T6244] check_noncircular+0x31a/0x400 [ 112.594009][ T6244] ? __pfx_check_noncircular+0x10/0x10 [ 112.599509][ T6244] ? lockdep_lock+0xc6/0x200 [ 112.604140][ T6244] ? __pfx_lockdep_lock+0x10/0x10 [ 112.609235][ T6244] ? __pfx_stack_trace_save+0x10/0x10 [ 112.614653][ T6244] __lock_acquire+0x250b/0x3ce0 [ 112.619532][ T6244] ? __pfx___lock_acquire+0x10/0x10 [ 112.624756][ T6244] ? lockdep_unlock+0x11a/0x290 [ 112.629675][ T6244] ? __lock_acquire+0x2110/0x3ce0 [ 112.634751][ T6244] lock_acquire.part.0+0x11b/0x380 [ 112.635755][ T6237] XFS (loop1): Ending clean mount [ 112.639891][ T6244] ? mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.646577][ T6237] XFS (loop1): Quotacheck needed: Please wait. [ 112.651253][ T6244] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 112.663110][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.666767][ T6237] XFS (loop1): Quotacheck: Done. [ 112.668768][ T6244] ? rcu_is_watching+0x12/0xc0 [ 112.678532][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.684247][ T6244] ? trace_lock_acquire+0x14a/0x1d0 [ 112.689568][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.695263][ T6244] ? mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.701663][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.707347][ T6244] ? lock_acquire+0x2f/0xb0 [ 112.711898][ T6244] ? mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.718321][ T6244] __mutex_lock+0x175/0x9c0 [ 112.722839][ T6244] ? mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.729207][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.734862][ T6244] ? __mutex_trylock_common+0xea/0x250 [ 112.740342][ T6244] ? mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.746714][ T6244] ? hci_cmd_sync_dequeue+0x50/0x1f0 [ 112.752043][ T6244] ? __pfx___mutex_lock+0x10/0x10 [ 112.757084][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.762739][ T6244] ? rcu_is_watching+0x12/0xc0 [ 112.767530][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.773179][ T6244] ? __mutex_lock+0x1a6/0x9c0 [ 112.777881][ T6244] ? mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.784242][ T6244] mgmt_remove_adv_monitor_complete+0x9e/0x2e0 [ 112.790459][ T6244] ? __pfx_mgmt_remove_adv_monitor_complete+0x10/0x10 [ 112.797258][ T6244] ? __pfx_mgmt_remove_adv_monitor_complete+0x10/0x10 [ 112.804062][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 112.810898][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 112.816210][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 112.821006][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 112.826153][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 112.831562][ T6244] mgmt_index_removed+0x145/0x300 [ 112.836632][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 112.842261][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.847923][ T6244] ? print_lock+0x70/0x310 [ 112.852380][ T6244] ? hci_dev_get+0x46/0x1e0 [ 112.856943][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.862603][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 112.867650][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.873308][ T6244] ? _raw_read_unlock+0x28/0x50 [ 112.878190][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.883843][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 112.888381][ T6244] hci_sock_bind+0xc49/0x16f0 [ 112.893099][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 112.898267][ T6244] __sys_bind+0x1ee/0x220 [ 112.902645][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 112.907616][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.913276][ T6244] ? rcu_is_watching+0x12/0xc0 [ 112.918068][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 112.923747][ T6244] __x64_sys_bind+0x72/0xb0 [ 112.928302][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 112.933534][ T6244] do_syscall_64+0xcd/0x250 [ 112.938055][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.943994][ T6244] RIP: 0033:0x7ff061f7e719 [ 112.948447][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.968087][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 112.976521][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 112.984505][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 112.992486][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 113.000466][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.008494][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 113.016500][ T6244] [ 113.024146][ T55] Bluetooth: hci6: command 0x1003 tx timeout [ 113.028251][ T6244] ================================================================== [ 113.038234][ T6244] BUG: KASAN: slab-use-after-free in cmd_complete_rsp+0x1b3/0x1e0 [ 113.046087][ T6244] Read of size 8 at addr ffff88807d6085c0 by task syz.3.96/6244 [ 113.053740][ T6244] [ 113.056075][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Not tainted 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 113.066609][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 113.076682][ T6244] Call Trace: [ 113.079980][ T6244] [ 113.082929][ T6244] dump_stack_lvl+0x116/0x1f0 [ 113.087643][ T6244] print_report+0xc3/0x620 [ 113.092093][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.097762][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.103430][ T6244] ? __phys_addr+0xc6/0x150 [ 113.107982][ T6244] kasan_report+0xd9/0x110 [ 113.112434][ T6244] ? cmd_complete_rsp+0x1b3/0x1e0 [ 113.117501][ T6244] ? cmd_complete_rsp+0x1b3/0x1e0 [ 113.122573][ T6244] cmd_complete_rsp+0x1b3/0x1e0 [ 113.127468][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 113.132625][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 113.138048][ T6244] mgmt_index_removed+0x145/0x300 [ 113.143109][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 113.148689][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.154362][ T6244] ? print_lock+0x70/0x310 [ 113.158824][ T6244] ? hci_dev_get+0x46/0x1e0 [ 113.163375][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.169042][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 113.174104][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.179768][ T6244] ? _raw_read_unlock+0x28/0x50 [ 113.184670][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.190348][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 113.194923][ T6244] hci_sock_bind+0xc49/0x16f0 [ 113.199661][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 113.204835][ T6244] __sys_bind+0x1ee/0x220 [ 113.209219][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 113.214130][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.219795][ T6244] ? rcu_is_watching+0x12/0xc0 [ 113.224600][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.230269][ T6244] __x64_sys_bind+0x72/0xb0 [ 113.234826][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 113.240075][ T6244] do_syscall_64+0xcd/0x250 [ 113.244611][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.250564][ T6244] RIP: 0033:0x7ff061f7e719 [ 113.254999][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.274660][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 113.283124][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 113.291127][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 113.299126][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 113.307124][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 113.315130][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 113.323156][ T6244] [ 113.326189][ T6244] [ 113.328525][ T6244] Allocated by task 6241: [ 113.332879][ T6244] kasan_save_stack+0x33/0x60 [ 113.337622][ T6244] kasan_save_track+0x14/0x30 [ 113.342356][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 113.347000][ T6244] mgmt_pending_new+0x5b/0x290 [ 113.351809][ T6244] mgmt_pending_add+0x36/0x160 [ 113.356614][ T6244] remove_adv_monitor+0x124/0x1b0 [ 113.361692][ T6244] hci_sock_sendmsg+0x152b/0x25e0 [ 113.366769][ T6244] sock_write_iter+0x501/0x5b0 [ 113.371581][ T6244] vfs_write+0x6b8/0x1140 [ 113.375951][ T6244] ksys_write+0x1fa/0x260 [ 113.380329][ T6244] do_syscall_64+0xcd/0x250 [ 113.384860][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.390802][ T6244] [ 113.393134][ T6244] Freed by task 6244: [ 113.397127][ T6244] kasan_save_stack+0x33/0x60 [ 113.401855][ T6244] kasan_save_track+0x14/0x30 [ 113.406585][ T6244] kasan_save_free_info+0x3b/0x60 [ 113.411659][ T6244] __kasan_slab_free+0x51/0x70 [ 113.416452][ T6244] kfree+0x14f/0x4b0 [ 113.420393][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 113.426701][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 113.433438][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 113.438688][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 113.443495][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 113.448651][ T6244] mgmt_index_removed+0x145/0x300 [ 113.453707][ T6244] hci_sock_bind+0xc49/0x16f0 [ 113.458428][ T6244] __sys_bind+0x1ee/0x220 [ 113.462807][ T6244] __x64_sys_bind+0x72/0xb0 [ 113.467358][ T6244] do_syscall_64+0xcd/0x250 [ 113.471892][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.477840][ T6244] [ 113.480171][ T6244] The buggy address belongs to the object at ffff88807d608580 [ 113.480171][ T6244] which belongs to the cache kmalloc-96 of size 96 [ 113.494081][ T6244] The buggy address is located 64 bytes inside of [ 113.494081][ T6244] freed 96-byte region [ffff88807d608580, ffff88807d6085e0) [ 113.507761][ T6244] [ 113.510147][ T6244] The buggy address belongs to the physical page: [ 113.516572][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d608 [ 113.525359][ T6244] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 113.532488][ T6244] page_type: f5(slab) [ 113.536493][ T6244] raw: 00fff00000000000 ffff88801b041280 ffffea0000bda2c0 dead000000000002 [ 113.545104][ T6244] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000 [ 113.553701][ T6244] page dumped because: kasan: bad access detected [ 113.560125][ T6244] page_owner tracks the page as allocated [ 113.565848][ T6244] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1858, tgid 1858 (kworker/u8:6), ts 99313441398, free_ts 99312586007 [ 113.585171][ T6244] post_alloc_hook+0x2d1/0x350 [ 113.589992][ T6244] get_page_from_freelist+0x101e/0x3070 [ 113.595567][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 113.600884][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 113.606382][ T6244] new_slab+0x2ba/0x3f0 [ 113.610591][ T6244] ___slab_alloc+0xdac/0x1880 [ 113.615331][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 113.620753][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 113.626173][ T6244] dst_cow_metrics_generic+0x4c/0x1e0 [ 113.631598][ T6244] icmp6_dst_alloc+0x373/0x490 [ 113.636411][ T6244] mld_sendpack+0x5a9/0x11d0 [ 113.641045][ T6244] mld_send_initial_cr.part.0+0x1a1/0x260 [ 113.646818][ T6244] ipv6_mc_dad_complete+0x22c/0x2b0 [ 113.652070][ T6244] addrconf_dad_completed+0xd40/0x1060 [ 113.657568][ T6244] addrconf_dad_work+0x7fb/0x14d0 [ 113.662630][ T6244] process_one_work+0x9c8/0x1ba0 [ 113.667595][ T6244] page last free pid 53 tgid 53 stack trace: [ 113.673587][ T6244] free_unref_page+0x5f4/0xdc0 [ 113.678374][ T6244] rcu_core+0x7a0/0x14d0 [ 113.682656][ T6244] handle_softirqs+0x216/0x8f0 [ 113.687453][ T6244] irq_exit_rcu+0xbb/0x120 [ 113.691900][ T6244] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 113.697583][ T6244] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 113.703617][ T6244] [ 113.705948][ T6244] Memory state around the buggy address: [ 113.711591][ T6244] ffff88807d608480: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 113.719699][ T6244] ffff88807d608500: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 113.727783][ T6244] >ffff88807d608580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 113.735858][ T6244] ^ [ 113.742022][ T6244] ffff88807d608600: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 113.750100][ T6244] ffff88807d608680: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 113.758172][ T6244] ================================================================== [ 113.778419][ T5848] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 113.792282][ T6244] ================================================================== [ 113.800389][ T6244] BUG: KASAN: slab-use-after-free in cmd_complete_rsp+0x199/0x1e0 [ 113.808283][ T6244] Read of size 2 at addr ffff88807d608590 by task syz.3.96/6244 [ 113.812533][ T5857] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 113.815922][ T6244] [ 113.815940][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 113.816005][ T6244] Tainted: [B]=BAD_PAGE [ 113.816020][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 113.816045][ T6244] Call Trace: [ 113.816059][ T6244] [ 113.816074][ T6244] dump_stack_lvl+0x116/0x1f0 [ 113.816122][ T6244] print_report+0xc3/0x620 [ 113.816167][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.816212][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.816256][ T6244] ? __phys_addr+0xc6/0x150 [ 113.816314][ T6244] kasan_report+0xd9/0x110 [ 113.816356][ T6244] ? cmd_complete_rsp+0x199/0x1e0 [ 113.816413][ T6244] ? cmd_complete_rsp+0x199/0x1e0 [ 113.816472][ T6244] cmd_complete_rsp+0x199/0x1e0 [ 113.816525][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 113.816582][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 113.816640][ T6244] mgmt_index_removed+0x145/0x300 [ 113.816688][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 113.816736][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.816782][ T6244] ? print_lock+0x70/0x310 [ 113.816843][ T6244] ? hci_dev_get+0x46/0x1e0 [ 113.816907][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.816958][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 113.950473][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.956151][ T6244] ? _raw_read_unlock+0x28/0x50 [ 113.961052][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.966719][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 113.971273][ T6244] hci_sock_bind+0xc49/0x16f0 [ 113.976001][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 113.981168][ T6244] __sys_bind+0x1ee/0x220 [ 113.985551][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 113.990465][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 113.996129][ T6244] ? rcu_is_watching+0x12/0xc0 [ 114.000932][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.006608][ T6244] __x64_sys_bind+0x72/0xb0 [ 114.011166][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 114.016415][ T6244] do_syscall_64+0xcd/0x250 [ 114.020956][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.026915][ T6244] RIP: 0033:0x7ff061f7e719 [ 114.031361][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.051002][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 114.059452][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 114.067454][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 114.075448][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 114.083442][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.091435][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 114.099443][ T6244] [ 114.102479][ T6244] [ 114.104810][ T6244] Allocated by task 6241: [ 114.109147][ T6244] kasan_save_stack+0x33/0x60 [ 114.113882][ T6244] kasan_save_track+0x14/0x30 [ 114.118615][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 114.123255][ T6244] mgmt_pending_new+0x5b/0x290 [ 114.128064][ T6244] mgmt_pending_add+0x36/0x160 [ 114.132869][ T6244] remove_adv_monitor+0x124/0x1b0 [ 114.137956][ T6244] hci_sock_sendmsg+0x152b/0x25e0 [ 114.143023][ T6244] sock_write_iter+0x501/0x5b0 [ 114.147837][ T6244] vfs_write+0x6b8/0x1140 [ 114.152209][ T6244] ksys_write+0x1fa/0x260 [ 114.156584][ T6244] do_syscall_64+0xcd/0x250 [ 114.161111][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.167050][ T6244] [ 114.169381][ T6244] Freed by task 6244: [ 114.173369][ T6244] kasan_save_stack+0x33/0x60 [ 114.178094][ T6244] kasan_save_track+0x14/0x30 [ 114.182815][ T6244] kasan_save_free_info+0x3b/0x60 [ 114.187878][ T6244] __kasan_slab_free+0x51/0x70 [ 114.192664][ T6244] kfree+0x14f/0x4b0 [ 114.196604][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 114.202892][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 114.209627][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 114.214877][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 114.219680][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 114.224835][ T6244] mgmt_index_removed+0x145/0x300 [ 114.229901][ T6244] hci_sock_bind+0xc49/0x16f0 [ 114.234627][ T6244] __sys_bind+0x1ee/0x220 [ 114.239007][ T6244] __x64_sys_bind+0x72/0xb0 [ 114.243560][ T6244] do_syscall_64+0xcd/0x250 [ 114.248087][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.254032][ T6244] [ 114.256361][ T6244] The buggy address belongs to the object at ffff88807d608580 [ 114.256361][ T6244] which belongs to the cache kmalloc-96 of size 96 [ 114.270260][ T6244] The buggy address is located 16 bytes inside of [ 114.270260][ T6244] freed 96-byte region [ffff88807d608580, ffff88807d6085e0) [ 114.283909][ T6244] [ 114.286244][ T6244] The buggy address belongs to the physical page: [ 114.292663][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d608 [ 114.301447][ T6244] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 114.308576][ T6244] page_type: f5(slab) [ 114.312584][ T6244] raw: 00fff00000000000 ffff88801b041280 ffffea0000bda2c0 dead000000000002 [ 114.321193][ T6244] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000 [ 114.329789][ T6244] page dumped because: kasan: bad access detected [ 114.336211][ T6244] page_owner tracks the page as allocated [ 114.341929][ T6244] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1858, tgid 1858 (kworker/u8:6), ts 99313441398, free_ts 99312586007 [ 114.361249][ T6244] post_alloc_hook+0x2d1/0x350 [ 114.366070][ T6244] get_page_from_freelist+0x101e/0x3070 [ 114.371646][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 114.376964][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 114.382459][ T6244] new_slab+0x2ba/0x3f0 [ 114.386658][ T6244] ___slab_alloc+0xdac/0x1880 [ 114.391378][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 114.396795][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 114.402221][ T6244] dst_cow_metrics_generic+0x4c/0x1e0 [ 114.407643][ T6244] icmp6_dst_alloc+0x373/0x490 [ 114.412446][ T6244] mld_sendpack+0x5a9/0x11d0 [ 114.417076][ T6244] mld_send_initial_cr.part.0+0x1a1/0x260 [ 114.422837][ T6244] ipv6_mc_dad_complete+0x22c/0x2b0 [ 114.428081][ T6244] addrconf_dad_completed+0xd40/0x1060 [ 114.433580][ T6244] addrconf_dad_work+0x7fb/0x14d0 [ 114.438641][ T6244] process_one_work+0x9c8/0x1ba0 [ 114.443607][ T6244] page last free pid 53 tgid 53 stack trace: [ 114.449601][ T6244] free_unref_page+0x5f4/0xdc0 [ 114.454392][ T6244] rcu_core+0x7a0/0x14d0 [ 114.458670][ T6244] handle_softirqs+0x216/0x8f0 [ 114.463468][ T6244] irq_exit_rcu+0xbb/0x120 [ 114.467917][ T6244] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 114.473600][ T6244] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 114.479631][ T6244] [ 114.481965][ T6244] Memory state around the buggy address: [ 114.487605][ T6244] ffff88807d608480: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 114.495686][ T6244] ffff88807d608500: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 114.503770][ T6244] >ffff88807d608580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 114.511851][ T6244] ^ [ 114.516450][ T6244] ffff88807d608600: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 114.524530][ T6244] ffff88807d608680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 114.532607][ T6244] ================================================================== [ 114.547639][ T6244] ================================================================== [ 114.555738][ T6244] BUG: KASAN: slab-use-after-free in cmd_complete_rsp+0x1a9/0x1e0 [ 114.563591][ T6244] Read of size 4 at addr ffff88807d608594 by task syz.3.96/6244 [ 114.571240][ T6244] [ 114.573646][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 114.585665][ T6244] Tainted: [B]=BAD_PAGE [ 114.589824][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 114.599895][ T6244] Call Trace: [ 114.603188][ T6244] [ 114.606143][ T6244] dump_stack_lvl+0x116/0x1f0 [ 114.610857][ T6244] print_report+0xc3/0x620 [ 114.615306][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.620974][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.626640][ T6244] ? __phys_addr+0xc6/0x150 [ 114.631185][ T6244] kasan_report+0xd9/0x110 [ 114.635638][ T6244] ? cmd_complete_rsp+0x1a9/0x1e0 [ 114.640710][ T6244] ? cmd_complete_rsp+0x1a9/0x1e0 [ 114.645784][ T6244] cmd_complete_rsp+0x1a9/0x1e0 [ 114.650680][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 114.655837][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 114.661254][ T6244] mgmt_index_removed+0x145/0x300 [ 114.666315][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 114.671908][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.677584][ T6244] ? print_lock+0x70/0x310 [ 114.682050][ T6244] ? hci_dev_get+0x46/0x1e0 [ 114.686607][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.692276][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 114.697341][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.703006][ T6244] ? _raw_read_unlock+0x28/0x50 [ 114.707906][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.713581][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 114.718133][ T6244] hci_sock_bind+0xc49/0x16f0 [ 114.722861][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 114.728029][ T6244] __sys_bind+0x1ee/0x220 [ 114.732414][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 114.737330][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.742997][ T6244] ? rcu_is_watching+0x12/0xc0 [ 114.747805][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 114.753475][ T6244] __x64_sys_bind+0x72/0xb0 [ 114.758035][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 114.763285][ T6244] do_syscall_64+0xcd/0x250 [ 114.767820][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.773764][ T6244] RIP: 0033:0x7ff061f7e719 [ 114.778202][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.797837][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 114.806284][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 114.814280][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 114.822272][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 114.830263][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.838255][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 114.846267][ T6244] [ 114.849299][ T6244] [ 114.851633][ T6244] Allocated by task 6241: [ 114.855981][ T6244] kasan_save_stack+0x33/0x60 [ 114.860721][ T6244] kasan_save_track+0x14/0x30 [ 114.865449][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 114.870087][ T6244] mgmt_pending_new+0x5b/0x290 [ 114.874892][ T6244] mgmt_pending_add+0x36/0x160 [ 114.879703][ T6244] remove_adv_monitor+0x124/0x1b0 [ 114.884782][ T6244] hci_sock_sendmsg+0x152b/0x25e0 [ 114.889850][ T6244] sock_write_iter+0x501/0x5b0 [ 114.894658][ T6244] vfs_write+0x6b8/0x1140 [ 114.899028][ T6244] ksys_write+0x1fa/0x260 [ 114.903400][ T6244] do_syscall_64+0xcd/0x250 [ 114.907930][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.913874][ T6244] [ 114.916203][ T6244] Freed by task 6244: [ 114.920195][ T6244] kasan_save_stack+0x33/0x60 [ 114.924924][ T6244] kasan_save_track+0x14/0x30 [ 114.929655][ T6244] kasan_save_free_info+0x3b/0x60 [ 114.934721][ T6244] __kasan_slab_free+0x51/0x70 [ 114.939509][ T6244] kfree+0x14f/0x4b0 [ 114.943452][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 114.949740][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 114.956469][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 114.961723][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 114.966528][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 114.971691][ T6244] mgmt_index_removed+0x145/0x300 [ 114.976752][ T6244] hci_sock_bind+0xc49/0x16f0 [ 114.981470][ T6244] __sys_bind+0x1ee/0x220 [ 114.985848][ T6244] __x64_sys_bind+0x72/0xb0 [ 114.990400][ T6244] do_syscall_64+0xcd/0x250 [ 114.994927][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.000871][ T6244] [ 115.003207][ T6244] The buggy address belongs to the object at ffff88807d608580 [ 115.003207][ T6244] which belongs to the cache kmalloc-96 of size 96 [ 115.017106][ T6244] The buggy address is located 20 bytes inside of [ 115.017106][ T6244] freed 96-byte region [ffff88807d608580, ffff88807d6085e0) [ 115.030763][ T6244] [ 115.033099][ T6244] The buggy address belongs to the physical page: [ 115.039638][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d608 [ 115.048426][ T6244] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 115.055565][ T6244] page_type: f5(slab) [ 115.059581][ T6244] raw: 00fff00000000000 ffff88801b041280 ffffea0000bda2c0 dead000000000002 [ 115.068228][ T6244] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000 [ 115.076827][ T6244] page dumped because: kasan: bad access detected [ 115.083250][ T6244] page_owner tracks the page as allocated [ 115.088971][ T6244] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1858, tgid 1858 (kworker/u8:6), ts 99313441398, free_ts 99312586007 [ 115.108293][ T6244] post_alloc_hook+0x2d1/0x350 [ 115.113122][ T6244] get_page_from_freelist+0x101e/0x3070 [ 115.118701][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 115.124020][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 115.129514][ T6244] new_slab+0x2ba/0x3f0 [ 115.133717][ T6244] ___slab_alloc+0xdac/0x1880 [ 115.138439][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 115.143860][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 115.149288][ T6244] dst_cow_metrics_generic+0x4c/0x1e0 [ 115.154714][ T6244] icmp6_dst_alloc+0x373/0x490 [ 115.159524][ T6244] mld_sendpack+0x5a9/0x11d0 [ 115.164156][ T6244] mld_send_initial_cr.part.0+0x1a1/0x260 [ 115.169922][ T6244] ipv6_mc_dad_complete+0x22c/0x2b0 [ 115.175175][ T6244] addrconf_dad_completed+0xd40/0x1060 [ 115.180672][ T6244] addrconf_dad_work+0x7fb/0x14d0 [ 115.185734][ T6244] process_one_work+0x9c8/0x1ba0 [ 115.190698][ T6244] page last free pid 53 tgid 53 stack trace: [ 115.196691][ T6244] free_unref_page+0x5f4/0xdc0 [ 115.201492][ T6244] rcu_core+0x7a0/0x14d0 [ 115.205770][ T6244] handle_softirqs+0x216/0x8f0 [ 115.210571][ T6244] irq_exit_rcu+0xbb/0x120 [ 115.215021][ T6244] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 115.220700][ T6244] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.226739][ T6244] [ 115.229067][ T6244] Memory state around the buggy address: [ 115.234711][ T6244] ffff88807d608480: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 115.242792][ T6244] ffff88807d608500: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 115.250874][ T6244] >ffff88807d608580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 115.258956][ T6244] ^ [ 115.263555][ T6244] ffff88807d608600: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 115.271633][ T6244] ffff88807d608680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 115.279706][ T6244] ================================================================== [ 115.295052][ T6244] ================================================================== [ 115.303147][ T6244] BUG: KASAN: slab-use-after-free in cmd_complete_rsp+0x1ce/0x1e0 [ 115.311007][ T6244] Read of size 8 at addr ffff88807d6085a8 by task syz.3.96/6244 [ 115.318674][ T6244] [ 115.321027][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 115.333056][ T6244] Tainted: [B]=BAD_PAGE [ 115.337225][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 115.347311][ T6244] Call Trace: [ 115.350615][ T6244] [ 115.353573][ T6244] dump_stack_lvl+0x116/0x1f0 [ 115.358302][ T6244] print_report+0xc3/0x620 [ 115.362768][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.368435][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.374100][ T6244] ? __phys_addr+0xc6/0x150 [ 115.378649][ T6244] kasan_report+0xd9/0x110 [ 115.383099][ T6244] ? cmd_complete_rsp+0x1ce/0x1e0 [ 115.388172][ T6244] ? cmd_complete_rsp+0x1ce/0x1e0 [ 115.393247][ T6244] cmd_complete_rsp+0x1ce/0x1e0 [ 115.398143][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 115.403301][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 115.408723][ T6244] mgmt_index_removed+0x145/0x300 [ 115.413785][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 115.419366][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.425029][ T6244] ? print_lock+0x70/0x310 [ 115.429493][ T6244] ? hci_dev_get+0x46/0x1e0 [ 115.434046][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.439710][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 115.444778][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.450441][ T6244] ? _raw_read_unlock+0x28/0x50 [ 115.455343][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.461007][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 115.465567][ T6244] hci_sock_bind+0xc49/0x16f0 [ 115.470293][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 115.475457][ T6244] __sys_bind+0x1ee/0x220 [ 115.479842][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 115.484772][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.490437][ T6244] ? rcu_is_watching+0x12/0xc0 [ 115.495245][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 115.500914][ T6244] __x64_sys_bind+0x72/0xb0 [ 115.505474][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 115.510728][ T6244] do_syscall_64+0xcd/0x250 [ 115.515263][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.521206][ T6244] RIP: 0033:0x7ff061f7e719 [ 115.525647][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.545289][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 115.553738][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 115.561742][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 115.569744][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 115.577740][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 115.585734][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 115.593743][ T6244] [ 115.596774][ T6244] [ 115.599102][ T6244] Allocated by task 6241: [ 115.603440][ T6244] kasan_save_stack+0x33/0x60 [ 115.608190][ T6244] kasan_save_track+0x14/0x30 [ 115.612923][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 115.617567][ T6244] mgmt_pending_new+0x5b/0x290 [ 115.622411][ T6244] mgmt_pending_add+0x36/0x160 [ 115.627218][ T6244] remove_adv_monitor+0x124/0x1b0 [ 115.632290][ T6244] hci_sock_sendmsg+0x152b/0x25e0 [ 115.637356][ T6244] sock_write_iter+0x501/0x5b0 [ 115.642171][ T6244] vfs_write+0x6b8/0x1140 [ 115.646538][ T6244] ksys_write+0x1fa/0x260 [ 115.650905][ T6244] do_syscall_64+0xcd/0x250 [ 115.655438][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.661383][ T6244] [ 115.663722][ T6244] Freed by task 6244: [ 115.667713][ T6244] kasan_save_stack+0x33/0x60 [ 115.672443][ T6244] kasan_save_track+0x14/0x30 [ 115.677168][ T6244] kasan_save_free_info+0x3b/0x60 [ 115.682230][ T6244] __kasan_slab_free+0x51/0x70 [ 115.687017][ T6244] kfree+0x14f/0x4b0 [ 115.690969][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 115.697256][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 115.703988][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 115.709235][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 115.714034][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 115.719186][ T6244] mgmt_index_removed+0x145/0x300 [ 115.724238][ T6244] hci_sock_bind+0xc49/0x16f0 [ 115.728959][ T6244] __sys_bind+0x1ee/0x220 [ 115.733337][ T6244] __x64_sys_bind+0x72/0xb0 [ 115.737890][ T6244] do_syscall_64+0xcd/0x250 [ 115.742421][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.748363][ T6244] [ 115.750693][ T6244] The buggy address belongs to the object at ffff88807d608580 [ 115.750693][ T6244] which belongs to the cache kmalloc-96 of size 96 [ 115.764599][ T6244] The buggy address is located 40 bytes inside of [ 115.764599][ T6244] freed 96-byte region [ffff88807d608580, ffff88807d6085e0) [ 115.778252][ T6244] [ 115.780584][ T6244] The buggy address belongs to the physical page: [ 115.787004][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d608 [ 115.795789][ T6244] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 115.802918][ T6244] page_type: f5(slab) [ 115.806928][ T6244] raw: 00fff00000000000 ffff88801b041280 ffffea0000bda2c0 dead000000000002 [ 115.815543][ T6244] raw: 0000000000000000 0000000000200020 00000001f5000000 0000000000000000 [ 115.824139][ T6244] page dumped because: kasan: bad access detected [ 115.830566][ T6244] page_owner tracks the page as allocated [ 115.836290][ T6244] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1858, tgid 1858 (kworker/u8:6), ts 99313441398, free_ts 99312586007 [ 115.855614][ T6244] post_alloc_hook+0x2d1/0x350 [ 115.860432][ T6244] get_page_from_freelist+0x101e/0x3070 [ 115.866032][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 115.871351][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 115.876853][ T6244] new_slab+0x2ba/0x3f0 [ 115.881056][ T6244] ___slab_alloc+0xdac/0x1880 [ 115.885779][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 115.891205][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 115.896624][ T6244] dst_cow_metrics_generic+0x4c/0x1e0 [ 115.902045][ T6244] icmp6_dst_alloc+0x373/0x490 [ 115.906853][ T6244] mld_sendpack+0x5a9/0x11d0 [ 115.911487][ T6244] mld_send_initial_cr.part.0+0x1a1/0x260 [ 115.917256][ T6244] ipv6_mc_dad_complete+0x22c/0x2b0 [ 115.922509][ T6244] addrconf_dad_completed+0xd40/0x1060 [ 115.928005][ T6244] addrconf_dad_work+0x7fb/0x14d0 [ 115.933071][ T6244] process_one_work+0x9c8/0x1ba0 [ 115.938035][ T6244] page last free pid 53 tgid 53 stack trace: [ 115.944025][ T6244] free_unref_page+0x5f4/0xdc0 [ 115.948814][ T6244] rcu_core+0x7a0/0x14d0 [ 115.953090][ T6244] handle_softirqs+0x216/0x8f0 [ 115.957887][ T6244] irq_exit_rcu+0xbb/0x120 [ 115.962341][ T6244] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 115.968025][ T6244] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 115.974063][ T6244] [ 115.976395][ T6244] Memory state around the buggy address: [ 115.982034][ T6244] ffff88807d608480: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 115.990115][ T6244] ffff88807d608500: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 115.998194][ T6244] >ffff88807d608580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 116.006268][ T6244] ^ [ 116.011652][ T6244] ffff88807d608600: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 116.019734][ T6244] ffff88807d608680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 116.027811][ T6244] ================================================================== [ 116.037041][ T6244] ================================================================== [ 116.045132][ T6244] BUG: KASAN: slab-use-after-free in hci_sock_get_cookie+0x42/0x50 [ 116.053091][ T6244] Read of size 4 at addr ffff88805b57c5b8 by task syz.3.96/6244 [ 116.060744][ T6244] [ 116.063083][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 116.075103][ T6244] Tainted: [B]=BAD_PAGE [ 116.079265][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 116.089377][ T6244] Call Trace: [ 116.092672][ T6244] [ 116.095619][ T6244] dump_stack_lvl+0x116/0x1f0 [ 116.100331][ T6244] print_report+0xc3/0x620 [ 116.104781][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.110447][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.116113][ T6244] ? __phys_addr+0xc6/0x150 [ 116.120660][ T6244] kasan_report+0xd9/0x110 [ 116.125111][ T6244] ? hci_sock_get_cookie+0x42/0x50 [ 116.130273][ T6244] ? hci_sock_get_cookie+0x42/0x50 [ 116.135437][ T6244] hci_sock_get_cookie+0x42/0x50 [ 116.140424][ T6244] mgmt_cmd_status+0x229/0x520 [ 116.145247][ T6244] cmd_complete_rsp+0x165/0x1e0 [ 116.150142][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 116.155297][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 116.160712][ T6244] mgmt_index_removed+0x145/0x300 [ 116.165774][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 116.171359][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.177026][ T6244] ? print_lock+0x70/0x310 [ 116.181492][ T6244] ? hci_dev_get+0x46/0x1e0 [ 116.186049][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.191715][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 116.196781][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.202448][ T6244] ? _raw_read_unlock+0x28/0x50 [ 116.207351][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.213018][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 116.217572][ T6244] hci_sock_bind+0xc49/0x16f0 [ 116.222298][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 116.227466][ T6244] __sys_bind+0x1ee/0x220 [ 116.231847][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 116.236763][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.242434][ T6244] ? rcu_is_watching+0x12/0xc0 [ 116.247239][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.252907][ T6244] __x64_sys_bind+0x72/0xb0 [ 116.257467][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 116.262719][ T6244] do_syscall_64+0xcd/0x250 [ 116.267255][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.273202][ T6244] RIP: 0033:0x7ff061f7e719 [ 116.277639][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.297276][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 116.305731][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 116.313729][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 116.321725][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 116.329719][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.337741][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 116.345758][ T6244] [ 116.348789][ T6244] [ 116.351119][ T6244] Allocated by task 6241: [ 116.355454][ T6244] kasan_save_stack+0x33/0x60 [ 116.360184][ T6244] kasan_save_track+0x14/0x30 [ 116.364906][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 116.369544][ T6244] __kmalloc_noprof+0x1e8/0x400 [ 116.374424][ T6244] sk_prot_alloc+0x1a8/0x2a0 [ 116.379058][ T6244] sk_alloc+0x36/0xb90 [ 116.383156][ T6244] bt_sock_alloc+0x3b/0x3a0 [ 116.387695][ T6244] hci_sock_create+0xbc/0x1a0 [ 116.392417][ T6244] bt_sock_create+0x185/0x350 [ 116.397136][ T6244] __sock_create+0x331/0x840 [ 116.401769][ T6244] __sys_socket+0x14f/0x260 [ 116.406316][ T6244] __x64_sys_socket+0x72/0xb0 [ 116.411038][ T6244] do_syscall_64+0xcd/0x250 [ 116.415569][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.421507][ T6244] [ 116.423835][ T6244] Freed by task 6244: [ 116.427823][ T6244] kasan_save_stack+0x33/0x60 [ 116.432547][ T6244] kasan_save_track+0x14/0x30 [ 116.437270][ T6244] kasan_save_free_info+0x3b/0x60 [ 116.442333][ T6244] __kasan_slab_free+0x51/0x70 [ 116.447119][ T6244] kfree+0x14f/0x4b0 [ 116.451055][ T6244] __sk_destruct+0x5eb/0x720 [ 116.455668][ T6244] sk_destruct+0xc2/0xf0 [ 116.459944][ T6244] __sk_free+0xf4/0x3e0 [ 116.464125][ T6244] sk_free+0x6a/0x90 [ 116.468045][ T6244] mgmt_pending_free+0xc0/0xf0 [ 116.472847][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 116.479134][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 116.485865][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 116.491111][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 116.495913][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 116.501064][ T6244] mgmt_index_removed+0x145/0x300 [ 116.506117][ T6244] hci_sock_bind+0xc49/0x16f0 [ 116.510840][ T6244] __sys_bind+0x1ee/0x220 [ 116.515220][ T6244] __x64_sys_bind+0x72/0xb0 [ 116.519770][ T6244] do_syscall_64+0xcd/0x250 [ 116.524298][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.530236][ T6244] [ 116.532568][ T6244] The buggy address belongs to the object at ffff88805b57c000 [ 116.532568][ T6244] which belongs to the cache kmalloc-2k of size 2048 [ 116.546646][ T6244] The buggy address is located 1464 bytes inside of [ 116.546646][ T6244] freed 2048-byte region [ffff88805b57c000, ffff88805b57c800) [ 116.560648][ T6244] [ 116.562981][ T6244] The buggy address belongs to the physical page: [ 116.569397][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b578 [ 116.578178][ T6244] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 116.586699][ T6244] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 116.594702][ T6244] page_type: f5(slab) [ 116.598712][ T6244] raw: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 116.607321][ T6244] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 116.615931][ T6244] head: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 116.624628][ T6244] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 116.633328][ T6244] head: 00fff00000000003 ffffea00016d5e01 ffffffffffffffff 0000000000000000 [ 116.642022][ T6244] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 116.650705][ T6244] page dumped because: kasan: bad access detected [ 116.657157][ T6244] page_owner tracks the page as allocated [ 116.662890][ T6244] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 92321174332, free_ts 31348293274 [ 116.684305][ T6244] post_alloc_hook+0x2d1/0x350 [ 116.689124][ T6244] get_page_from_freelist+0x101e/0x3070 [ 116.694715][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 116.700033][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 116.705530][ T6244] new_slab+0x2ba/0x3f0 [ 116.709732][ T6244] ___slab_alloc+0xdac/0x1880 [ 116.714453][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 116.719883][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 116.725310][ T6244] rtnl_newlink+0x49/0xa0 [ 116.729678][ T6244] rtnetlink_rcv_msg+0x3ca/0xea0 [ 116.734656][ T6244] netlink_rcv_skb+0x16e/0x440 [ 116.739448][ T6244] netlink_unicast+0x53f/0x7f0 [ 116.744237][ T6244] netlink_sendmsg+0x8b8/0xd70 [ 116.749024][ T6244] __sys_sendto+0x47c/0x4d0 [ 116.753557][ T6244] __x64_sys_sendto+0xe0/0x1c0 [ 116.758350][ T6244] do_syscall_64+0xcd/0x250 [ 116.762881][ T6244] page last free pid 1 tgid 1 stack trace: [ 116.768703][ T6244] free_unref_page+0x5f4/0xdc0 [ 116.773496][ T6244] free_contig_range+0x135/0x3f0 [ 116.778457][ T6244] destroy_args+0xa27/0xe00 [ 116.783007][ T6244] debug_vm_pgtable+0x168e/0x31a0 [ 116.788084][ T6244] do_one_initcall+0x12b/0x700 [ 116.792897][ T6244] kernel_init_freeable+0x5c7/0x900 [ 116.798144][ T6244] kernel_init+0x1c/0x2b0 [ 116.802507][ T6244] ret_from_fork+0x48/0x80 [ 116.806947][ T6244] ret_from_fork_asm+0x1a/0x30 [ 116.811756][ T6244] [ 116.814087][ T6244] Memory state around the buggy address: [ 116.819730][ T6244] ffff88805b57c480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.827811][ T6244] ffff88805b57c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.835890][ T6244] >ffff88805b57c580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.843967][ T6244] ^ [ 116.849871][ T6244] ffff88805b57c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.857948][ T6244] ffff88805b57c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 116.866020][ T6244] ================================================================== [ 116.878647][ T6244] ================================================================== [ 116.886752][ T6244] BUG: KASAN: slab-use-after-free in sk_filter_trim_cap+0x9bd/0xac0 [ 116.894783][ T6244] Read of size 8 at addr ffff88805b57c178 by task syz.3.96/6244 [ 116.902488][ T6244] [ 116.904834][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 116.916854][ T6244] Tainted: [B]=BAD_PAGE [ 116.921016][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 116.931096][ T6244] Call Trace: [ 116.934387][ T6244] [ 116.937336][ T6244] dump_stack_lvl+0x116/0x1f0 [ 116.942050][ T6244] print_report+0xc3/0x620 [ 116.946499][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.952166][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.957830][ T6244] ? __phys_addr+0xc6/0x150 [ 116.962378][ T6244] kasan_report+0xd9/0x110 [ 116.966825][ T6244] ? sk_filter_trim_cap+0x9bd/0xac0 [ 116.972059][ T6244] ? sk_filter_trim_cap+0x9bd/0xac0 [ 116.977298][ T6244] sk_filter_trim_cap+0x9bd/0xac0 [ 116.982362][ T6244] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 116.988400][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.994100][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.999764][ T6244] ? timekeeping_debug_get_ns+0x334/0x5b0 [ 117.005530][ T6244] ? __pfx_sk_filter_trim_cap+0x10/0x10 [ 117.011114][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.016781][ T6244] ? ktime_get_with_offset+0x15d/0x240 [ 117.022286][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.027958][ T6244] sock_queue_rcv_skb_reason+0x30/0xe0 [ 117.033463][ T6244] mgmt_cmd_status+0x304/0x520 [ 117.038275][ T6244] cmd_complete_rsp+0x165/0x1e0 [ 117.043170][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 117.048324][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 117.053741][ T6244] mgmt_index_removed+0x145/0x300 [ 117.058797][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 117.064380][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.070131][ T6244] ? print_lock+0x70/0x310 [ 117.074596][ T6244] ? hci_dev_get+0x46/0x1e0 [ 117.079147][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.084811][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 117.089875][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.095542][ T6244] ? _raw_read_unlock+0x28/0x50 [ 117.100440][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.106126][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 117.110680][ T6244] hci_sock_bind+0xc49/0x16f0 [ 117.115409][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 117.120577][ T6244] __sys_bind+0x1ee/0x220 [ 117.124959][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 117.129871][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.135536][ T6244] ? rcu_is_watching+0x12/0xc0 [ 117.140340][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.146009][ T6244] __x64_sys_bind+0x72/0xb0 [ 117.150570][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 117.155820][ T6244] do_syscall_64+0xcd/0x250 [ 117.160356][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.166299][ T6244] RIP: 0033:0x7ff061f7e719 [ 117.170735][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.190376][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 117.198824][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 117.206822][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 117.214818][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 117.222814][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.230806][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 117.238814][ T6244] [ 117.241846][ T6244] [ 117.244176][ T6244] Allocated by task 6241: [ 117.248515][ T6244] kasan_save_stack+0x33/0x60 [ 117.253246][ T6244] kasan_save_track+0x14/0x30 [ 117.257971][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 117.262608][ T6244] __kmalloc_noprof+0x1e8/0x400 [ 117.267483][ T6244] sk_prot_alloc+0x1a8/0x2a0 [ 117.272116][ T6244] sk_alloc+0x36/0xb90 [ 117.276214][ T6244] bt_sock_alloc+0x3b/0x3a0 [ 117.280751][ T6244] hci_sock_create+0xbc/0x1a0 [ 117.285464][ T6244] bt_sock_create+0x185/0x350 [ 117.290176][ T6244] __sock_create+0x331/0x840 [ 117.294812][ T6244] __sys_socket+0x14f/0x260 [ 117.299366][ T6244] __x64_sys_socket+0x72/0xb0 [ 117.304095][ T6244] do_syscall_64+0xcd/0x250 [ 117.308627][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.314573][ T6244] [ 117.316902][ T6244] Freed by task 6244: [ 117.320891][ T6244] kasan_save_stack+0x33/0x60 [ 117.325620][ T6244] kasan_save_track+0x14/0x30 [ 117.330349][ T6244] kasan_save_free_info+0x3b/0x60 [ 117.335414][ T6244] __kasan_slab_free+0x51/0x70 [ 117.340203][ T6244] kfree+0x14f/0x4b0 [ 117.344139][ T6244] __sk_destruct+0x5eb/0x720 [ 117.348755][ T6244] sk_destruct+0xc2/0xf0 [ 117.353024][ T6244] __sk_free+0xf4/0x3e0 [ 117.357206][ T6244] sk_free+0x6a/0x90 [ 117.361127][ T6244] mgmt_pending_free+0xc0/0xf0 [ 117.365930][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 117.372216][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 117.378946][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 117.384201][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 117.389001][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 117.394152][ T6244] mgmt_index_removed+0x145/0x300 [ 117.399209][ T6244] hci_sock_bind+0xc49/0x16f0 [ 117.403939][ T6244] __sys_bind+0x1ee/0x220 [ 117.408318][ T6244] __x64_sys_bind+0x72/0xb0 [ 117.412871][ T6244] do_syscall_64+0xcd/0x250 [ 117.417397][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.423339][ T6244] [ 117.425669][ T6244] The buggy address belongs to the object at ffff88805b57c000 [ 117.425669][ T6244] which belongs to the cache kmalloc-2k of size 2048 [ 117.439749][ T6244] The buggy address is located 376 bytes inside of [ 117.439749][ T6244] freed 2048-byte region [ffff88805b57c000, ffff88805b57c800) [ 117.453661][ T6244] [ 117.455997][ T6244] The buggy address belongs to the physical page: [ 117.462416][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b578 [ 117.471196][ T6244] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 117.479718][ T6244] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 117.487723][ T6244] page_type: f5(slab) [ 117.491733][ T6244] raw: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 117.500344][ T6244] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 117.508967][ T6244] head: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 117.517670][ T6244] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 117.526374][ T6244] head: 00fff00000000003 ffffea00016d5e01 ffffffffffffffff 0000000000000000 [ 117.535072][ T6244] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 117.543757][ T6244] page dumped because: kasan: bad access detected [ 117.550177][ T6244] page_owner tracks the page as allocated [ 117.555897][ T6244] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 92321174332, free_ts 31348293274 [ 117.577302][ T6244] post_alloc_hook+0x2d1/0x350 [ 117.582119][ T6244] get_page_from_freelist+0x101e/0x3070 [ 117.587706][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 117.593023][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 117.598515][ T6244] new_slab+0x2ba/0x3f0 [ 117.602720][ T6244] ___slab_alloc+0xdac/0x1880 [ 117.607444][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 117.612868][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 117.618290][ T6244] rtnl_newlink+0x49/0xa0 [ 117.622651][ T6244] rtnetlink_rcv_msg+0x3ca/0xea0 [ 117.627626][ T6244] netlink_rcv_skb+0x16e/0x440 [ 117.632414][ T6244] netlink_unicast+0x53f/0x7f0 [ 117.637202][ T6244] netlink_sendmsg+0x8b8/0xd70 [ 117.641988][ T6244] __sys_sendto+0x47c/0x4d0 [ 117.646552][ T6244] __x64_sys_sendto+0xe0/0x1c0 [ 117.651344][ T6244] do_syscall_64+0xcd/0x250 [ 117.655870][ T6244] page last free pid 1 tgid 1 stack trace: [ 117.661686][ T6244] free_unref_page+0x5f4/0xdc0 [ 117.666481][ T6244] free_contig_range+0x135/0x3f0 [ 117.671442][ T6244] destroy_args+0xa27/0xe00 [ 117.675994][ T6244] debug_vm_pgtable+0x168e/0x31a0 [ 117.681072][ T6244] do_one_initcall+0x12b/0x700 [ 117.685879][ T6244] kernel_init_freeable+0x5c7/0x900 [ 117.691125][ T6244] kernel_init+0x1c/0x2b0 [ 117.695484][ T6244] ret_from_fork+0x48/0x80 [ 117.699922][ T6244] ret_from_fork_asm+0x1a/0x30 [ 117.704735][ T6244] [ 117.707068][ T6244] Memory state around the buggy address: [ 117.712723][ T6244] ffff88805b57c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.720804][ T6244] ffff88805b57c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.728885][ T6244] >ffff88805b57c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.736960][ T6244] ^ [ 117.744947][ T6244] ffff88805b57c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.753029][ T6244] ffff88805b57c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.761103][ T6244] ================================================================== [ 117.775566][ T6244] ================================================================== [ 117.783669][ T6244] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x3c/0xa80 [ 117.791779][ T6244] Read of size 4 at addr ffff88805b57c140 by task syz.3.96/6244 [ 117.799429][ T6244] [ 117.801767][ T6244] CPU: 1 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 117.813786][ T6244] Tainted: [B]=BAD_PAGE [ 117.817950][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 117.828024][ T6244] Call Trace: [ 117.831314][ T6244] [ 117.834263][ T6244] dump_stack_lvl+0x116/0x1f0 [ 117.838982][ T6244] print_report+0xc3/0x620 [ 117.843467][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.849135][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.854800][ T6244] ? __phys_addr+0xc6/0x150 [ 117.859344][ T6244] kasan_report+0xd9/0x110 [ 117.863792][ T6244] ? __sock_queue_rcv_skb+0x3c/0xa80 [ 117.869123][ T6244] ? __sock_queue_rcv_skb+0x3c/0xa80 [ 117.874456][ T6244] kasan_check_range+0xef/0x1a0 [ 117.879348][ T6244] __sock_queue_rcv_skb+0x3c/0xa80 [ 117.884505][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.890173][ T6244] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 117.895678][ T6244] mgmt_cmd_status+0x304/0x520 [ 117.900503][ T6244] cmd_complete_rsp+0x165/0x1e0 [ 117.905396][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 117.910552][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 117.915973][ T6244] mgmt_index_removed+0x145/0x300 [ 117.921035][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 117.926616][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.932280][ T6244] ? print_lock+0x70/0x310 [ 117.936744][ T6244] ? hci_dev_get+0x46/0x1e0 [ 117.941295][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.946962][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 117.952023][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.957686][ T6244] ? _raw_read_unlock+0x28/0x50 [ 117.962585][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.968248][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 117.972806][ T6244] hci_sock_bind+0xc49/0x16f0 [ 117.977535][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 117.982699][ T6244] __sys_bind+0x1ee/0x220 [ 117.987087][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 117.991998][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 117.997662][ T6244] ? rcu_is_watching+0x12/0xc0 [ 118.002468][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.008138][ T6244] __x64_sys_bind+0x72/0xb0 [ 118.012697][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.017956][ T6244] do_syscall_64+0xcd/0x250 [ 118.022497][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.028445][ T6244] RIP: 0033:0x7ff061f7e719 [ 118.032887][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.052532][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 118.060980][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 118.068980][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 118.076978][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 118.084973][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.092968][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 118.100977][ T6244] [ 118.104013][ T6244] [ 118.106345][ T6244] Allocated by task 6241: [ 118.110679][ T6244] kasan_save_stack+0x33/0x60 [ 118.115410][ T6244] kasan_save_track+0x14/0x30 [ 118.120138][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 118.124778][ T6244] __kmalloc_noprof+0x1e8/0x400 [ 118.129657][ T6244] sk_prot_alloc+0x1a8/0x2a0 [ 118.134287][ T6244] sk_alloc+0x36/0xb90 [ 118.138382][ T6244] bt_sock_alloc+0x3b/0x3a0 [ 118.142927][ T6244] hci_sock_create+0xbc/0x1a0 [ 118.147685][ T6244] bt_sock_create+0x185/0x350 [ 118.152400][ T6244] __sock_create+0x331/0x840 [ 118.157035][ T6244] __sys_socket+0x14f/0x260 [ 118.161584][ T6244] __x64_sys_socket+0x72/0xb0 [ 118.166306][ T6244] do_syscall_64+0xcd/0x250 [ 118.170832][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.176781][ T6244] [ 118.179111][ T6244] Freed by task 6244: [ 118.183102][ T6244] kasan_save_stack+0x33/0x60 [ 118.187828][ T6244] kasan_save_track+0x14/0x30 [ 118.192552][ T6244] kasan_save_free_info+0x3b/0x60 [ 118.197613][ T6244] __kasan_slab_free+0x51/0x70 [ 118.202399][ T6244] kfree+0x14f/0x4b0 [ 118.206337][ T6244] __sk_destruct+0x5eb/0x720 [ 118.210955][ T6244] sk_destruct+0xc2/0xf0 [ 118.215226][ T6244] __sk_free+0xf4/0x3e0 [ 118.219410][ T6244] sk_free+0x6a/0x90 [ 118.223337][ T6244] mgmt_pending_free+0xc0/0xf0 [ 118.228142][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 118.234425][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 118.241157][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 118.246404][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 118.251204][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 118.256355][ T6244] mgmt_index_removed+0x145/0x300 [ 118.261408][ T6244] hci_sock_bind+0xc49/0x16f0 [ 118.266127][ T6244] __sys_bind+0x1ee/0x220 [ 118.270505][ T6244] __x64_sys_bind+0x72/0xb0 [ 118.275057][ T6244] do_syscall_64+0xcd/0x250 [ 118.279592][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.285531][ T6244] [ 118.287863][ T6244] The buggy address belongs to the object at ffff88805b57c000 [ 118.287863][ T6244] which belongs to the cache kmalloc-2k of size 2048 [ 118.301968][ T6244] The buggy address is located 320 bytes inside of [ 118.301968][ T6244] freed 2048-byte region [ffff88805b57c000, ffff88805b57c800) [ 118.315903][ T6244] [ 118.318242][ T6244] The buggy address belongs to the physical page: [ 118.324664][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b578 [ 118.333451][ T6244] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 118.342001][ T6244] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 118.350001][ T6244] page_type: f5(slab) [ 118.354007][ T6244] raw: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 118.362618][ T6244] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 118.371227][ T6244] head: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 118.379923][ T6244] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 118.388628][ T6244] head: 00fff00000000003 ffffea00016d5e01 ffffffffffffffff 0000000000000000 [ 118.397324][ T6244] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 118.406006][ T6244] page dumped because: kasan: bad access detected [ 118.412428][ T6244] page_owner tracks the page as allocated [ 118.418235][ T6244] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 92321174332, free_ts 31348293274 [ 118.439642][ T6244] post_alloc_hook+0x2d1/0x350 [ 118.444464][ T6244] get_page_from_freelist+0x101e/0x3070 [ 118.450037][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 118.455350][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 118.460844][ T6244] new_slab+0x2ba/0x3f0 [ 118.465042][ T6244] ___slab_alloc+0xdac/0x1880 [ 118.469765][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 118.475185][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 118.480603][ T6244] rtnl_newlink+0x49/0xa0 [ 118.484967][ T6244] rtnetlink_rcv_msg+0x3ca/0xea0 [ 118.489931][ T6244] netlink_rcv_skb+0x16e/0x440 [ 118.494722][ T6244] netlink_unicast+0x53f/0x7f0 [ 118.499507][ T6244] netlink_sendmsg+0x8b8/0xd70 [ 118.504292][ T6244] __sys_sendto+0x47c/0x4d0 [ 118.508822][ T6244] __x64_sys_sendto+0xe0/0x1c0 [ 118.513611][ T6244] do_syscall_64+0xcd/0x250 [ 118.518138][ T6244] page last free pid 1 tgid 1 stack trace: [ 118.523952][ T6244] free_unref_page+0x5f4/0xdc0 [ 118.528750][ T6244] free_contig_range+0x135/0x3f0 [ 118.533714][ T6244] destroy_args+0xa27/0xe00 [ 118.538264][ T6244] debug_vm_pgtable+0x168e/0x31a0 [ 118.543340][ T6244] do_one_initcall+0x12b/0x700 [ 118.548150][ T6244] kernel_init_freeable+0x5c7/0x900 [ 118.553395][ T6244] kernel_init+0x1c/0x2b0 [ 118.557757][ T6244] ret_from_fork+0x48/0x80 [ 118.562198][ T6244] ret_from_fork_asm+0x1a/0x30 [ 118.567007][ T6244] [ 118.569336][ T6244] Memory state around the buggy address: [ 118.574978][ T6244] ffff88805b57c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.583060][ T6244] ffff88805b57c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.591139][ T6244] >ffff88805b57c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.599212][ T6244] ^ [ 118.605375][ T6244] ffff88805b57c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.613457][ T6244] ffff88805b57c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 118.621531][ T6244] ================================================================== [ 118.640379][ T6244] ================================================================== [ 118.648550][ T6244] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x730/0xa80 [ 118.656765][ T6244] Read of size 4 at addr ffff88805b57c140 by task syz.3.96/6244 [ 118.664406][ T6244] [ 118.666742][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 118.678760][ T6244] Tainted: [B]=BAD_PAGE [ 118.682918][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 118.692998][ T6244] Call Trace: [ 118.696294][ T6244] [ 118.699254][ T6244] dump_stack_lvl+0x116/0x1f0 [ 118.704058][ T6244] print_report+0xc3/0x620 [ 118.708502][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.714157][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.719841][ T6244] ? __phys_addr+0xc6/0x150 [ 118.724375][ T6244] kasan_report+0xd9/0x110 [ 118.728813][ T6244] ? __sock_queue_rcv_skb+0x730/0xa80 [ 118.734214][ T6244] ? __sock_queue_rcv_skb+0x730/0xa80 [ 118.739619][ T6244] __sock_queue_rcv_skb+0x730/0xa80 [ 118.744846][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.750514][ T6244] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 118.756015][ T6244] mgmt_cmd_status+0x304/0x520 [ 118.760824][ T6244] cmd_complete_rsp+0x165/0x1e0 [ 118.765715][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 118.770868][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 118.776283][ T6244] mgmt_index_removed+0x145/0x300 [ 118.781341][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 118.786920][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.792592][ T6244] ? print_lock+0x70/0x310 [ 118.797056][ T6244] ? hci_dev_get+0x46/0x1e0 [ 118.801608][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.807270][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 118.812331][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.817997][ T6244] ? _raw_read_unlock+0x28/0x50 [ 118.822894][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.828566][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 118.833126][ T6244] hci_sock_bind+0xc49/0x16f0 [ 118.837865][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 118.843034][ T6244] __sys_bind+0x1ee/0x220 [ 118.847419][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 118.852331][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.857998][ T6244] ? rcu_is_watching+0x12/0xc0 [ 118.862803][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 118.868471][ T6244] __x64_sys_bind+0x72/0xb0 [ 118.873030][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 118.878277][ T6244] do_syscall_64+0xcd/0x250 [ 118.882815][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.888761][ T6244] RIP: 0033:0x7ff061f7e719 [ 118.893197][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.912835][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 118.921277][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 118.929272][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 118.937265][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 118.945261][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.953253][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 118.961257][ T6244] [ 118.964287][ T6244] [ 118.966615][ T6244] Allocated by task 6241: [ 118.970954][ T6244] kasan_save_stack+0x33/0x60 [ 118.975690][ T6244] kasan_save_track+0x14/0x30 [ 118.980415][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 118.985065][ T6244] __kmalloc_noprof+0x1e8/0x400 [ 118.989941][ T6244] sk_prot_alloc+0x1a8/0x2a0 [ 118.994577][ T6244] sk_alloc+0x36/0xb90 [ 118.998673][ T6244] bt_sock_alloc+0x3b/0x3a0 [ 119.003219][ T6244] hci_sock_create+0xbc/0x1a0 [ 119.007933][ T6244] bt_sock_create+0x185/0x350 [ 119.012649][ T6244] __sock_create+0x331/0x840 [ 119.017284][ T6244] __sys_socket+0x14f/0x260 [ 119.021832][ T6244] __x64_sys_socket+0x72/0xb0 [ 119.026584][ T6244] do_syscall_64+0xcd/0x250 [ 119.031113][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.037053][ T6244] [ 119.039386][ T6244] Freed by task 6244: [ 119.043378][ T6244] kasan_save_stack+0x33/0x60 [ 119.048103][ T6244] kasan_save_track+0x14/0x30 [ 119.053005][ T6244] kasan_save_free_info+0x3b/0x60 [ 119.058065][ T6244] __kasan_slab_free+0x51/0x70 [ 119.062854][ T6244] kfree+0x14f/0x4b0 [ 119.066793][ T6244] __sk_destruct+0x5eb/0x720 [ 119.071407][ T6244] sk_destruct+0xc2/0xf0 [ 119.075681][ T6244] __sk_free+0xf4/0x3e0 [ 119.079861][ T6244] sk_free+0x6a/0x90 [ 119.083788][ T6244] mgmt_pending_free+0xc0/0xf0 [ 119.088619][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 119.094906][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 119.101640][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 119.106889][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 119.111691][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 119.116873][ T6244] mgmt_index_removed+0x145/0x300 [ 119.121926][ T6244] hci_sock_bind+0xc49/0x16f0 [ 119.126647][ T6244] __sys_bind+0x1ee/0x220 [ 119.131027][ T6244] __x64_sys_bind+0x72/0xb0 [ 119.135579][ T6244] do_syscall_64+0xcd/0x250 [ 119.140113][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.146069][ T6244] [ 119.148400][ T6244] The buggy address belongs to the object at ffff88805b57c000 [ 119.148400][ T6244] which belongs to the cache kmalloc-2k of size 2048 [ 119.162475][ T6244] The buggy address is located 320 bytes inside of [ 119.162475][ T6244] freed 2048-byte region [ffff88805b57c000, ffff88805b57c800) [ 119.176383][ T6244] [ 119.178719][ T6244] The buggy address belongs to the physical page: [ 119.185136][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b578 [ 119.193917][ T6244] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 119.202441][ T6244] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 119.210438][ T6244] page_type: f5(slab) [ 119.214443][ T6244] raw: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 119.223054][ T6244] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 119.231665][ T6244] head: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 119.240447][ T6244] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 119.249161][ T6244] head: 00fff00000000003 ffffea00016d5e01 ffffffffffffffff 0000000000000000 [ 119.257859][ T6244] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 119.266543][ T6244] page dumped because: kasan: bad access detected [ 119.272967][ T6244] page_owner tracks the page as allocated [ 119.278685][ T6244] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 92321174332, free_ts 31348293274 [ 119.300090][ T6244] post_alloc_hook+0x2d1/0x350 [ 119.304908][ T6244] get_page_from_freelist+0x101e/0x3070 [ 119.310487][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 119.315802][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 119.321297][ T6244] new_slab+0x2ba/0x3f0 [ 119.325497][ T6244] ___slab_alloc+0xdac/0x1880 [ 119.330222][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 119.335817][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 119.341236][ T6244] rtnl_newlink+0x49/0xa0 [ 119.345603][ T6244] rtnetlink_rcv_msg+0x3ca/0xea0 [ 119.350572][ T6244] netlink_rcv_skb+0x16e/0x440 [ 119.355361][ T6244] netlink_unicast+0x53f/0x7f0 [ 119.360149][ T6244] netlink_sendmsg+0x8b8/0xd70 [ 119.364934][ T6244] __sys_sendto+0x47c/0x4d0 [ 119.369466][ T6244] __x64_sys_sendto+0xe0/0x1c0 [ 119.374256][ T6244] do_syscall_64+0xcd/0x250 [ 119.378784][ T6244] page last free pid 1 tgid 1 stack trace: [ 119.384601][ T6244] free_unref_page+0x5f4/0xdc0 [ 119.389389][ T6244] free_contig_range+0x135/0x3f0 [ 119.394350][ T6244] destroy_args+0xa27/0xe00 [ 119.398902][ T6244] debug_vm_pgtable+0x168e/0x31a0 [ 119.403983][ T6244] do_one_initcall+0x12b/0x700 [ 119.408791][ T6244] kernel_init_freeable+0x5c7/0x900 [ 119.414038][ T6244] kernel_init+0x1c/0x2b0 [ 119.418400][ T6244] ret_from_fork+0x48/0x80 [ 119.422843][ T6244] ret_from_fork_asm+0x1a/0x30 [ 119.427654][ T6244] [ 119.429988][ T6244] Memory state around the buggy address: [ 119.435626][ T6244] ffff88805b57c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.443706][ T6244] ffff88805b57c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.451787][ T6244] >ffff88805b57c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.459866][ T6244] ^ [ 119.466034][ T6244] ffff88805b57c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.474113][ T6244] ffff88805b57c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 119.482186][ T6244] ================================================================== [ 119.499937][ T6244] ================================================================== [ 119.508029][ T6244] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x73a/0xa80 [ 119.516210][ T6244] Read of size 4 at addr ffff88805b57c174 by task syz.3.96/6244 [ 119.523850][ T6244] [ 119.526209][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 119.538215][ T6244] Tainted: [B]=BAD_PAGE [ 119.542367][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 119.552437][ T6244] Call Trace: [ 119.555758][ T6244] [ 119.558719][ T6244] dump_stack_lvl+0x116/0x1f0 [ 119.563417][ T6244] print_report+0xc3/0x620 [ 119.567852][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.573502][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.579153][ T6244] ? __phys_addr+0xc6/0x150 [ 119.583712][ T6244] kasan_report+0xd9/0x110 [ 119.588144][ T6244] ? __sock_queue_rcv_skb+0x73a/0xa80 [ 119.593543][ T6244] ? __sock_queue_rcv_skb+0x73a/0xa80 [ 119.599030][ T6244] __sock_queue_rcv_skb+0x73a/0xa80 [ 119.604261][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.609958][ T6244] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 119.615449][ T6244] mgmt_cmd_status+0x304/0x520 [ 119.620247][ T6244] cmd_complete_rsp+0x165/0x1e0 [ 119.625211][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 119.630353][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 119.635761][ T6244] mgmt_index_removed+0x145/0x300 [ 119.640806][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 119.646634][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.652308][ T6244] ? print_lock+0x70/0x310 [ 119.656792][ T6244] ? hci_dev_get+0x46/0x1e0 [ 119.661362][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.667032][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 119.672093][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.677788][ T6244] ? _raw_read_unlock+0x28/0x50 [ 119.682675][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.688329][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 119.692863][ T6244] hci_sock_bind+0xc49/0x16f0 [ 119.697592][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 119.702751][ T6244] __sys_bind+0x1ee/0x220 [ 119.707148][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 119.712039][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.717688][ T6244] ? rcu_is_watching+0x12/0xc0 [ 119.722477][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 119.728129][ T6244] __x64_sys_bind+0x72/0xb0 [ 119.732666][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 119.737898][ T6244] do_syscall_64+0xcd/0x250 [ 119.742417][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.748344][ T6244] RIP: 0033:0x7ff061f7e719 [ 119.752777][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.772433][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 119.780867][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 119.788868][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 119.796851][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 119.804833][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 119.812813][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 119.820806][ T6244] [ 119.823826][ T6244] [ 119.826149][ T6244] Allocated by task 6241: [ 119.830475][ T6244] kasan_save_stack+0x33/0x60 [ 119.835186][ T6244] kasan_save_track+0x14/0x30 [ 119.839902][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 119.844540][ T6244] __kmalloc_noprof+0x1e8/0x400 [ 119.849404][ T6244] sk_prot_alloc+0x1a8/0x2a0 [ 119.854028][ T6244] sk_alloc+0x36/0xb90 [ 119.858126][ T6244] bt_sock_alloc+0x3b/0x3a0 [ 119.862651][ T6244] hci_sock_create+0xbc/0x1a0 [ 119.867349][ T6244] bt_sock_create+0x185/0x350 [ 119.872048][ T6244] __sock_create+0x331/0x840 [ 119.876666][ T6244] __sys_socket+0x14f/0x260 [ 119.881224][ T6244] __x64_sys_socket+0x72/0xb0 [ 119.885929][ T6244] do_syscall_64+0xcd/0x250 [ 119.890448][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.896369][ T6244] [ 119.898692][ T6244] Freed by task 6244: [ 119.902685][ T6244] kasan_save_stack+0x33/0x60 [ 119.907422][ T6244] kasan_save_track+0x14/0x30 [ 119.912130][ T6244] kasan_save_free_info+0x3b/0x60 [ 119.917279][ T6244] __kasan_slab_free+0x51/0x70 [ 119.922147][ T6244] kfree+0x14f/0x4b0 [ 119.926086][ T6244] __sk_destruct+0x5eb/0x720 [ 119.930702][ T6244] sk_destruct+0xc2/0xf0 [ 119.934959][ T6244] __sk_free+0xf4/0x3e0 [ 119.939152][ T6244] sk_free+0x6a/0x90 [ 119.943060][ T6244] mgmt_pending_free+0xc0/0xf0 [ 119.947847][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 119.954124][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 119.960860][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 119.966091][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 119.970873][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 119.976009][ T6244] mgmt_index_removed+0x145/0x300 [ 119.981054][ T6244] hci_sock_bind+0xc49/0x16f0 [ 119.985768][ T6244] __sys_bind+0x1ee/0x220 [ 119.990142][ T6244] __x64_sys_bind+0x72/0xb0 [ 119.994704][ T6244] do_syscall_64+0xcd/0x250 [ 119.999220][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.005143][ T6244] [ 120.007466][ T6244] The buggy address belongs to the object at ffff88805b57c000 [ 120.007466][ T6244] which belongs to the cache kmalloc-2k of size 2048 [ 120.021528][ T6244] The buggy address is located 372 bytes inside of [ 120.021528][ T6244] freed 2048-byte region [ffff88805b57c000, ffff88805b57c800) [ 120.035422][ T6244] [ 120.037758][ T6244] The buggy address belongs to the physical page: [ 120.044171][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b578 [ 120.052948][ T6244] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 120.061485][ T6244] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 120.069490][ T6244] page_type: f5(slab) [ 120.073481][ T6244] raw: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 120.082078][ T6244] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 120.090677][ T6244] head: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 120.099360][ T6244] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 120.108042][ T6244] head: 00fff00000000003 ffffea00016d5e01 ffffffffffffffff 0000000000000000 [ 120.116727][ T6244] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 120.125403][ T6244] page dumped because: kasan: bad access detected [ 120.131842][ T6244] page_owner tracks the page as allocated [ 120.137576][ T6244] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 92321174332, free_ts 31348293274 [ 120.159071][ T6244] post_alloc_hook+0x2d1/0x350 [ 120.163888][ T6244] get_page_from_freelist+0x101e/0x3070 [ 120.169489][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 120.174815][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 120.180292][ T6244] new_slab+0x2ba/0x3f0 [ 120.184474][ T6244] ___slab_alloc+0xdac/0x1880 [ 120.189177][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 120.194577][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 120.199984][ T6244] rtnl_newlink+0x49/0xa0 [ 120.204340][ T6244] rtnetlink_rcv_msg+0x3ca/0xea0 [ 120.209312][ T6244] netlink_rcv_skb+0x16e/0x440 [ 120.214112][ T6244] netlink_unicast+0x53f/0x7f0 [ 120.218886][ T6244] netlink_sendmsg+0x8b8/0xd70 [ 120.223661][ T6244] __sys_sendto+0x47c/0x4d0 [ 120.228177][ T6244] __x64_sys_sendto+0xe0/0x1c0 [ 120.232953][ T6244] do_syscall_64+0xcd/0x250 [ 120.237495][ T6244] page last free pid 1 tgid 1 stack trace: [ 120.243300][ T6244] free_unref_page+0x5f4/0xdc0 [ 120.248096][ T6244] free_contig_range+0x135/0x3f0 [ 120.253053][ T6244] destroy_args+0xa27/0xe00 [ 120.257612][ T6244] debug_vm_pgtable+0x168e/0x31a0 [ 120.262667][ T6244] do_one_initcall+0x12b/0x700 [ 120.267469][ T6244] kernel_init_freeable+0x5c7/0x900 [ 120.272729][ T6244] kernel_init+0x1c/0x2b0 [ 120.277074][ T6244] ret_from_fork+0x48/0x80 [ 120.281503][ T6244] ret_from_fork_asm+0x1a/0x30 [ 120.286300][ T6244] [ 120.288643][ T6244] Memory state around the buggy address: [ 120.294296][ T6244] ffff88805b57c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.302388][ T6244] ffff88805b57c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.310474][ T6244] >ffff88805b57c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.318536][ T6244] ^ [ 120.326253][ T6244] ffff88805b57c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.334324][ T6244] ffff88805b57c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 120.342413][ T6244] ================================================================== [ 120.353125][ T6244] ================================================================== [ 120.361244][ T6244] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x9ec/0xa80 [ 120.369468][ T6244] Read of size 8 at addr ffff88805b57c028 by task syz.3.96/6244 [ 120.377145][ T6244] [ 120.379487][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 120.391594][ T6244] Tainted: [B]=BAD_PAGE [ 120.395755][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 120.405830][ T6244] Call Trace: [ 120.409130][ T6244] [ 120.412075][ T6244] dump_stack_lvl+0x116/0x1f0 [ 120.416797][ T6244] print_report+0xc3/0x620 [ 120.421246][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 120.426913][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 120.432581][ T6244] ? __phys_addr+0xc6/0x150 [ 120.437129][ T6244] kasan_report+0xd9/0x110 [ 120.441579][ T6244] ? __sock_queue_rcv_skb+0x9ec/0xa80 [ 120.447005][ T6244] ? __sock_queue_rcv_skb+0x9ec/0xa80 [ 120.452425][ T6244] __sock_queue_rcv_skb+0x9ec/0xa80 [ 120.457668][ T6244] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 120.463172][ T6244] mgmt_cmd_status+0x304/0x520 [ 120.467988][ T6244] cmd_complete_rsp+0x165/0x1e0 [ 120.472883][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 120.478042][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 120.483461][ T6244] mgmt_index_removed+0x145/0x300 [ 120.488524][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 120.494136][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 120.499802][ T6244] ? print_lock+0x70/0x310 [ 120.504265][ T6244] ? hci_dev_get+0x46/0x1e0 [ 120.508830][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 120.514496][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 120.519564][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 120.525228][ T6244] ? _raw_read_unlock+0x28/0x50 [ 120.530129][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 120.535799][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 120.540352][ T6244] hci_sock_bind+0xc49/0x16f0 [ 120.545079][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 120.550244][ T6244] __sys_bind+0x1ee/0x220 [ 120.554630][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 120.559545][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 120.565213][ T6244] ? rcu_is_watching+0x12/0xc0 [ 120.570018][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 120.575690][ T6244] __x64_sys_bind+0x72/0xb0 [ 120.580249][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 120.585505][ T6244] do_syscall_64+0xcd/0x250 [ 120.590044][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.595990][ T6244] RIP: 0033:0x7ff061f7e719 [ 120.600427][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.620125][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 120.628571][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 120.636569][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 120.644568][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 120.652567][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 120.660562][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 120.668572][ T6244] [ 120.671606][ T6244] [ 120.673935][ T6244] Allocated by task 6241: [ 120.678278][ T6244] kasan_save_stack+0x33/0x60 [ 120.683013][ T6244] kasan_save_track+0x14/0x30 [ 120.687743][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 120.692380][ T6244] __kmalloc_noprof+0x1e8/0x400 [ 120.697257][ T6244] sk_prot_alloc+0x1a8/0x2a0 [ 120.701890][ T6244] sk_alloc+0x36/0xb90 [ 120.705988][ T6244] bt_sock_alloc+0x3b/0x3a0 [ 120.710529][ T6244] hci_sock_create+0xbc/0x1a0 [ 120.715248][ T6244] bt_sock_create+0x185/0x350 [ 120.719961][ T6244] __sock_create+0x331/0x840 [ 120.724605][ T6244] __sys_socket+0x14f/0x260 [ 120.729158][ T6244] __x64_sys_socket+0x72/0xb0 [ 120.734227][ T6244] do_syscall_64+0xcd/0x250 [ 120.738755][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.744694][ T6244] [ 120.747030][ T6244] Freed by task 6244: [ 120.751018][ T6244] kasan_save_stack+0x33/0x60 [ 120.755750][ T6244] kasan_save_track+0x14/0x30 [ 120.760493][ T6244] kasan_save_free_info+0x3b/0x60 [ 120.765559][ T6244] __kasan_slab_free+0x51/0x70 [ 120.770348][ T6244] kfree+0x14f/0x4b0 [ 120.774288][ T6244] __sk_destruct+0x5eb/0x720 [ 120.778907][ T6244] sk_destruct+0xc2/0xf0 [ 120.783185][ T6244] __sk_free+0xf4/0x3e0 [ 120.787369][ T6244] sk_free+0x6a/0x90 [ 120.791291][ T6244] mgmt_pending_free+0xc0/0xf0 [ 120.796100][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 120.802386][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 120.809126][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 120.814378][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 120.819178][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 120.824329][ T6244] mgmt_index_removed+0x145/0x300 [ 120.829381][ T6244] hci_sock_bind+0xc49/0x16f0 [ 120.834099][ T6244] __sys_bind+0x1ee/0x220 [ 120.838482][ T6244] __x64_sys_bind+0x72/0xb0 [ 120.843036][ T6244] do_syscall_64+0xcd/0x250 [ 120.847567][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.853508][ T6244] [ 120.855842][ T6244] The buggy address belongs to the object at ffff88805b57c000 [ 120.855842][ T6244] which belongs to the cache kmalloc-2k of size 2048 [ 120.869919][ T6244] The buggy address is located 40 bytes inside of [ 120.869919][ T6244] freed 2048-byte region [ffff88805b57c000, ffff88805b57c800) [ 120.883755][ T6244] [ 120.886086][ T6244] The buggy address belongs to the physical page: [ 120.892499][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b578 [ 120.901282][ T6244] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 120.909803][ T6244] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 120.917806][ T6244] page_type: f5(slab) [ 120.921811][ T6244] raw: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 120.930424][ T6244] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 120.939037][ T6244] head: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 120.947737][ T6244] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 120.956436][ T6244] head: 00fff00000000003 ffffea00016d5e01 ffffffffffffffff 0000000000000000 [ 120.965135][ T6244] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 120.973857][ T6244] page dumped because: kasan: bad access detected [ 120.980286][ T6244] page_owner tracks the page as allocated [ 120.986010][ T6244] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 92321174332, free_ts 31348293274 [ 121.007444][ T6244] post_alloc_hook+0x2d1/0x350 [ 121.012277][ T6244] get_page_from_freelist+0x101e/0x3070 [ 121.017861][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 121.023184][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 121.028683][ T6244] new_slab+0x2ba/0x3f0 [ 121.032891][ T6244] ___slab_alloc+0xdac/0x1880 [ 121.037617][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 121.043049][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 121.048472][ T6244] rtnl_newlink+0x49/0xa0 [ 121.052836][ T6244] rtnetlink_rcv_msg+0x3ca/0xea0 [ 121.057802][ T6244] netlink_rcv_skb+0x16e/0x440 [ 121.062592][ T6244] netlink_unicast+0x53f/0x7f0 [ 121.067383][ T6244] netlink_sendmsg+0x8b8/0xd70 [ 121.072171][ T6244] __sys_sendto+0x47c/0x4d0 [ 121.076711][ T6244] __x64_sys_sendto+0xe0/0x1c0 [ 121.081503][ T6244] do_syscall_64+0xcd/0x250 [ 121.086038][ T6244] page last free pid 1 tgid 1 stack trace: [ 121.091862][ T6244] free_unref_page+0x5f4/0xdc0 [ 121.096656][ T6244] free_contig_range+0x135/0x3f0 [ 121.101629][ T6244] destroy_args+0xa27/0xe00 [ 121.106191][ T6244] debug_vm_pgtable+0x168e/0x31a0 [ 121.111270][ T6244] do_one_initcall+0x12b/0x700 [ 121.116080][ T6244] kernel_init_freeable+0x5c7/0x900 [ 121.121332][ T6244] kernel_init+0x1c/0x2b0 [ 121.125700][ T6244] ret_from_fork+0x48/0x80 [ 121.130141][ T6244] ret_from_fork_asm+0x1a/0x30 [ 121.134950][ T6244] [ 121.137280][ T6244] Memory state around the buggy address: [ 121.142921][ T6244] ffff88805b57bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 121.151001][ T6244] ffff88805b57bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 121.159080][ T6244] >ffff88805b57c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 121.167153][ T6244] ^ [ 121.172538][ T6244] ffff88805b57c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 121.180619][ T6244] ffff88805b57c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 121.188705][ T6244] ================================================================== [ 121.206927][ T6244] ================================================================== [ 121.215034][ T6244] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x295/0xa80 [ 121.223236][ T6244] Write of size 4 at addr ffff88805b57c140 by task syz.3.96/6244 [ 121.230975][ T6244] [ 121.233325][ T6244] CPU: 1 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 121.245341][ T6244] Tainted: [B]=BAD_PAGE [ 121.249501][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 121.259577][ T6244] Call Trace: [ 121.262871][ T6244] [ 121.265817][ T6244] dump_stack_lvl+0x116/0x1f0 [ 121.270528][ T6244] print_report+0xc3/0x620 [ 121.274979][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 121.280646][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 121.286312][ T6244] ? __phys_addr+0xc6/0x150 [ 121.290867][ T6244] kasan_report+0xd9/0x110 [ 121.295324][ T6244] ? __sock_queue_rcv_skb+0x295/0xa80 [ 121.300741][ T6244] ? __sock_queue_rcv_skb+0x295/0xa80 [ 121.306168][ T6244] kasan_check_range+0xef/0x1a0 [ 121.311063][ T6244] __sock_queue_rcv_skb+0x295/0xa80 [ 121.316311][ T6244] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 121.321816][ T6244] mgmt_cmd_status+0x304/0x520 [ 121.326630][ T6244] cmd_complete_rsp+0x165/0x1e0 [ 121.331523][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 121.336680][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 121.342101][ T6244] mgmt_index_removed+0x145/0x300 [ 121.347166][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 121.352752][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 121.358457][ T6244] ? print_lock+0x70/0x310 [ 121.362925][ T6244] ? hci_dev_get+0x46/0x1e0 [ 121.367481][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 121.373148][ T6244] ? do_raw_read_unlock+0x44/0xe0 [ 121.378211][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 121.383879][ T6244] ? _raw_read_unlock+0x28/0x50 [ 121.388783][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 121.394450][ T6244] ? hci_dev_get+0xf5/0x1e0 [ 121.399005][ T6244] hci_sock_bind+0xc49/0x16f0 [ 121.403736][ T6244] ? __pfx_hci_sock_bind+0x10/0x10 [ 121.408903][ T6244] __sys_bind+0x1ee/0x220 [ 121.413292][ T6244] ? __pfx___sys_bind+0x10/0x10 [ 121.418381][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 121.424044][ T6244] ? rcu_is_watching+0x12/0xc0 [ 121.428849][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 121.434519][ T6244] __x64_sys_bind+0x72/0xb0 [ 121.439081][ T6244] ? lockdep_hardirqs_on+0x7c/0x110 [ 121.444334][ T6244] do_syscall_64+0xcd/0x250 [ 121.448871][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.454822][ T6244] RIP: 0033:0x7ff061f7e719 [ 121.459261][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.478909][ T6244] RSP: 002b:00007ff062d6a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 121.487366][ T6244] RAX: ffffffffffffffda RBX: 00007ff062135f80 RCX: 00007ff061f7e719 [ 121.495367][ T6244] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004 [ 121.503365][ T6244] RBP: 00007ff061ff12be R08: 0000000000000000 R09: 0000000000000000 [ 121.511362][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.519359][ T6244] R13: 0000000000000000 R14: 00007ff062135f80 R15: 00007ffeecd43be8 [ 121.527370][ T6244] [ 121.530404][ T6244] [ 121.532740][ T6244] Allocated by task 6241: [ 121.537078][ T6244] kasan_save_stack+0x33/0x60 [ 121.541811][ T6244] kasan_save_track+0x14/0x30 [ 121.546539][ T6244] __kasan_kmalloc+0xaa/0xb0 [ 121.551176][ T6244] __kmalloc_noprof+0x1e8/0x400 [ 121.556053][ T6244] sk_prot_alloc+0x1a8/0x2a0 [ 121.560688][ T6244] sk_alloc+0x36/0xb90 [ 121.564786][ T6244] bt_sock_alloc+0x3b/0x3a0 [ 121.569328][ T6244] hci_sock_create+0xbc/0x1a0 [ 121.574046][ T6244] bt_sock_create+0x185/0x350 [ 121.578763][ T6244] __sock_create+0x331/0x840 [ 121.583401][ T6244] __sys_socket+0x14f/0x260 [ 121.587959][ T6244] __x64_sys_socket+0x72/0xb0 [ 121.592686][ T6244] do_syscall_64+0xcd/0x250 [ 121.597221][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.603174][ T6244] [ 121.605507][ T6244] Freed by task 6244: [ 121.609495][ T6244] kasan_save_stack+0x33/0x60 [ 121.614225][ T6244] kasan_save_track+0x14/0x30 [ 121.618958][ T6244] kasan_save_free_info+0x3b/0x60 [ 121.624043][ T6244] __kasan_slab_free+0x51/0x70 [ 121.628835][ T6244] kfree+0x14f/0x4b0 [ 121.632774][ T6244] __sk_destruct+0x5eb/0x720 [ 121.637392][ T6244] sk_destruct+0xc2/0xf0 [ 121.641665][ T6244] __sk_free+0xf4/0x3e0 [ 121.645850][ T6244] sk_free+0x6a/0x90 [ 121.649779][ T6244] mgmt_pending_free+0xc0/0xf0 [ 121.654585][ T6244] mgmt_remove_adv_monitor_complete+0x1b7/0x2e0 [ 121.660877][ T6244] _hci_cmd_sync_cancel_entry.constprop.0+0x6f/0x1d0 [ 121.667615][ T6244] hci_cmd_sync_dequeue+0x178/0x1f0 [ 121.672871][ T6244] cmd_complete_rsp+0x46/0x1e0 [ 121.677675][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 121.682830][ T6244] mgmt_index_removed+0x145/0x300 [ 121.687887][ T6244] hci_sock_bind+0xc49/0x16f0 [ 121.692615][ T6244] __sys_bind+0x1ee/0x220 [ 121.696994][ T6244] __x64_sys_bind+0x72/0xb0 [ 121.701551][ T6244] do_syscall_64+0xcd/0x250 [ 121.706085][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.712027][ T6244] [ 121.714359][ T6244] The buggy address belongs to the object at ffff88805b57c000 [ 121.714359][ T6244] which belongs to the cache kmalloc-2k of size 2048 [ 121.728435][ T6244] The buggy address is located 320 bytes inside of [ 121.728435][ T6244] freed 2048-byte region [ffff88805b57c000, ffff88805b57c800) [ 121.742347][ T6244] [ 121.744679][ T6244] The buggy address belongs to the physical page: [ 121.751098][ T6244] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b578 [ 121.759881][ T6244] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 121.768403][ T6244] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 121.776401][ T6244] page_type: f5(slab) [ 121.780443][ T6244] raw: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 121.789075][ T6244] raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 121.797697][ T6244] head: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001 [ 121.806405][ T6244] head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000 [ 121.815113][ T6244] head: 00fff00000000003 ffffea00016d5e01 ffffffffffffffff 0000000000000000 [ 121.823817][ T6244] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 121.832505][ T6244] page dumped because: kasan: bad access detected [ 121.838932][ T6244] page_owner tracks the page as allocated [ 121.844664][ T6244] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5847, tgid 5847 (syz-executor), ts 92321174332, free_ts 31348293274 [ 121.866078][ T6244] post_alloc_hook+0x2d1/0x350 [ 121.870898][ T6244] get_page_from_freelist+0x101e/0x3070 [ 121.876481][ T6244] __alloc_pages_noprof+0x223/0x25a0 [ 121.881798][ T6244] alloc_pages_mpol_noprof+0x2c9/0x610 [ 121.887296][ T6244] new_slab+0x2ba/0x3f0 [ 121.891497][ T6244] ___slab_alloc+0xdac/0x1880 [ 121.896223][ T6244] __slab_alloc.constprop.0+0x56/0xb0 [ 121.901644][ T6244] __kmalloc_cache_noprof+0x2b4/0x300 [ 121.907069][ T6244] rtnl_newlink+0x49/0xa0 [ 121.911434][ T6244] rtnetlink_rcv_msg+0x3ca/0xea0 [ 121.916408][ T6244] netlink_rcv_skb+0x16e/0x440 [ 121.921199][ T6244] netlink_unicast+0x53f/0x7f0 [ 121.925988][ T6244] netlink_sendmsg+0x8b8/0xd70 [ 121.930778][ T6244] __sys_sendto+0x47c/0x4d0 [ 121.935309][ T6244] __x64_sys_sendto+0xe0/0x1c0 [ 121.940103][ T6244] do_syscall_64+0xcd/0x250 [ 121.944636][ T6244] page last free pid 1 tgid 1 stack trace: [ 121.950455][ T6244] free_unref_page+0x5f4/0xdc0 [ 121.955246][ T6244] free_contig_range+0x135/0x3f0 [ 121.960212][ T6244] destroy_args+0xa27/0xe00 [ 121.964762][ T6244] debug_vm_pgtable+0x168e/0x31a0 [ 121.969842][ T6244] do_one_initcall+0x12b/0x700 [ 121.974651][ T6244] kernel_init_freeable+0x5c7/0x900 [ 121.979905][ T6244] kernel_init+0x1c/0x2b0 [ 121.984277][ T6244] ret_from_fork+0x48/0x80 [ 121.988721][ T6244] ret_from_fork_asm+0x1a/0x30 [ 121.993533][ T6244] [ 121.995864][ T6244] Memory state around the buggy address: [ 122.001509][ T6244] ffff88805b57c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.009595][ T6244] ffff88805b57c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.017681][ T6244] >ffff88805b57c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.025761][ T6244] ^ [ 122.031925][ T6244] ffff88805b57c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.040012][ T6244] ffff88805b57c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 122.048089][ T6244] ================================================================== [ 122.062692][ T6244] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 122.070471][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.3.96 Tainted: G B 6.12.0-rc4-syzkaller-00161-gae90f6a6170d #0 [ 122.082500][ T6244] Tainted: [B]=BAD_PAGE [ 122.086664][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 122.096748][ T6244] Call Trace: [ 122.100039][ T6244] [ 122.102983][ T6244] dump_stack_lvl+0x3d/0x1f0 [ 122.107613][ T6244] panic+0x71d/0x800 [ 122.111573][ T6244] ? rcu_is_watching+0x12/0xc0 [ 122.116386][ T6244] ? __pfx_panic+0x10/0x10 [ 122.120860][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 122.126528][ T6244] ? preempt_schedule_common+0x44/0xc0 [ 122.132040][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 122.137710][ T6244] ? preempt_schedule_thunk+0x1a/0x30 [ 122.143126][ T6244] end_report+0x160/0x180 [ 122.147490][ T6244] kasan_report+0xe9/0x110 [ 122.151936][ T6244] ? __sock_queue_rcv_skb+0x295/0xa80 [ 122.157353][ T6244] ? __sock_queue_rcv_skb+0x295/0xa80 [ 122.162782][ T6244] kasan_check_range+0xef/0x1a0 [ 122.167724][ T6244] __sock_queue_rcv_skb+0x295/0xa80 [ 122.172970][ T6244] sock_queue_rcv_skb_reason+0xa2/0xe0 [ 122.178475][ T6244] mgmt_cmd_status+0x304/0x520 [ 122.183287][ T6244] cmd_complete_rsp+0x165/0x1e0 [ 122.188182][ T6244] mgmt_pending_foreach+0xe2/0x140 [ 122.193339][ T6244] ? __pfx_cmd_complete_rsp+0x10/0x10 [ 122.198756][ T6244] mgmt_index_removed+0x145/0x300 [ 122.203826][ T6244] ? __pfx_mgmt_index_removed+0x10/0x10 [ 122.209412][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 122.215078][ T6244] ? print_lock+0x70/0x310 [ 122.219544][ T6244] ? hci_dev_get+0x46/0x1e0 [ 122.224102][ T6244] ? srso_alias_return_thunk+0x5/0xfbef5 [ 122.229767][ T6244] ? do_raw_read_unlock+0x44/0xe0