last executing test programs: 15.948585035s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000b0000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000060000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='ext4_es_lookup_extent_enter\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='ext4_es_lookup_extent_enter\x00', r2}, 0x10) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) 15.671796426s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000800850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x0, 0x0, 0x0, 0x401}, 0x48) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127) 15.167785059s ago: executing program 2: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1808014, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b048000000000000072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f0378072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd78997da864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4bff1d00"/716], 0x5, 0x558b, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64auumCJWPBPEEisWPIbWMASdogFiB1SkWcmULdJC63jQPs80vjMHL8+874jK9KZiRzAU2sp/e2XJI7FoYhYiIijSeT7SblF3I44X4x9LiKOR0Tlri0p838m9kfE4Yg4Nile1EzKtz47OT5x9uc3f/362wP7jnz+1Xd7unBgTz0fEf31Yv9mv4hZJw93Fsp8Y9zNY//MuIzrUzX6WZG/2V7LK9xsbI1r5PF0pxifrd8YTuLVXqM5iZ3u1Ty/PihOOBx3tupMPpBea2zkx632Wh67wyyPnVvFeTdvFX/bbg1HRZ1WWe+jvHyMRluxyLc328V61q/nsTkYlfmibtZqb07iuIzl6aKZ9Vr5PNYe9Sr/+73VHdzYTMftjWE3G6Rna/UXavVz1fpG1mqP2meqjX7r3Jl0udObDKuO2o3++U6WdXrtWjPrr6TLnWazWq+nyxfaa93GIK3Xa6drp6pnV8q9k+lrl99Le610eRJf6Q5ujLq9YXo120iLT6ykq7XTL66kJ+rpO5eupFfevnjx0pV3P7jw/uWXL73xajnovmmly6unVler9VPV1frKU7T+j8tJ/4P1J9unf/j+8S4bFHb4ggGws/v6/7i3/w/9PzBzD+j/49pD+v/+9fJ4d/r/2Lb/r0z3/zHL/n/SUun/H97/Vvag/10M/f8urh8ey6P1//tnPg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObux8UvXs93lorjI2X+f2XqmfI4iYhKRNzZxkLsn6q5UNZZ3GH84j1z+CaJvMLkHAfK7XBEnC+33/+/21cBAAAAnlxf3j7+adGtFy9Lez0h5qm4aVM5+uGM6iURsbj004yqVSYvz86oWP793hebM6qW38A6OKNixS23fbOq9rcsTIWDd4WkCJW5TgcAAJiL6U5gvl0IAAAA8/TJA999aW7zYM6S2HqUufUsOP/P+78eCB6aeg8AAAD4D0r2egIAAADArsv7f7//BwAAAE+24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+ctMGojgAPxsM/auiqvtepTs4Ro/QZZeFA/QSHIGeoFIvwBmolEWOkIQIe4LkBKRIjHGCvk+ynRlHP88AmzeWBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu/a9Wsz+/vv4+Mebv7fY0maYDAAAAHLCpVrP6j0nTfp/6P6auz6ldREQZEYdq90GMWpmDlFMd+f/q0Rj+RdQJu/5xOt5FxLd03Hzq+lMAAACAy7VeLKdNtd6c0hLAVb+j4kyaRZvyw/dMeUVEVJPrTGnl7vQlU1j9+x7Gz0xp9QLWm0xhzZLb8PC9Ua6HtA1al4eZzOsvsW6V3TwXAADoU7sSOFKFAAAAcAF+9D0AzuFpaV/sT/v3jOPmkl4Ivm21AAAAgFeo6HsAAAAAQOfq+v8l7f9X2P8PAAAAsmv2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2o1Wy+W02P358/MudueJt+MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB79ucdBUIgDMJg7/rOZO5/WGnQ0NikCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYt2PfNqowAOCffbbbFBAhoEgEUJE6wEJTt7R0RQgUMfAnIEWpUwIuhTYDrSJKFjaUuQuCESEkUNjyP3RupC5l65AhSEwMQXe+S8+JoVFp79zm95Oe3+fz9b3vna0qn98ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCw9W682szjJH2YHMTFsdvbKwtpv7mnT22s3ZlJWxo3Ks77CfBa+cnx6foSAQAA4PBIivo+Iu621+fSvjmZ1f/t4py05v/huUFc1PN76/7N7ZWj+UszRf3/+2/3XtqdaDLJ5kkHXVzq907tT6X1mJY49p5/4Bmt7Mpn370k2RvS/HD1xa12dj0b39269X4nC49UkS0A8DBOFn0eFH8PpX23zsQAODRapcK7qP+TyXpzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjC1mo8U8SNiJhp3Y9Tm9srC6P6b9buzGzk7dzNm2vlMdMh2hGxuNTvnapwLeOruJrXP5vv93tXrl6rOjgeESNeunGwf57k6f/rOZ2IGDpy4uUR43x8gLn2jLMvyD+eUe01nEjX98CTG0NHGvsu+Hs7A3V8AKoKmvn7My75PMqg+Ow9+pEr/u8IAICnXjtvaSV6t70+lx5rTEXs/Dhc/79RimOo7t+5MTgyeL5Rqv/vfXLudnmucv3frWh9T4LZ5UtfzF69dv2tpUvzF3sXe5+/fbr7TvfM+bNnz89m35XMLkbTNyYAAAD8D528lev/5tT+/f9jpTj+Y/+/XP9/+X336/Jcifp/pPubfnVnAgAAcBh1dqMXXv/rz8aIMxqdTnw1v7x8pTt43H1+evBYaboP6UjeyvV/MlV3VgAAAEAVtlYbQ/v/F0pxHHD//9mfXvmlPGYSERMRlyOid3Lhcv9CdcsZa1X8UDmbqFP3SgEAAKjLRN7K+//t7P7/5u4tD82IePNExN/5b/jjgPV/8sG3P5fnKt//f6bSVY6f5vTgemT9dERruu6MAAAAeJodzVta7P/RXp/79NdjH3Xc/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQtX8CAAD//4ztMoY=") r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f00000000c0)='./bus\x00', 0x50, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYRESOCT, @ANYRES8=0x0, @ANYRESOCT, @ANYRESHEX=0x0, @ANYRESHEX, @ANYRESOCT, @ANYBLOB="a60b8f2f94f38c9c515f0a49abc35b272f81737b1b8fb0591ebfcd504abdec6006007f2d3331275784d9e3d3e712d86ca48a7445f18ab74b", @ANYRES64], 0x2, 0x62e, &(0x7f0000000cc0)="$eJzs3c1rXNcZB+DfHcmy5ICjNLbjlkBEDGmpqK0PlFbd1C2lqBBKSBddC1vGwmMnlZSihNKoX3TbRf6AdKFdV4VuCgVDum532WoZKHSTlbqacu/cGY1seTqKJc04eR5z55wz595z3/PO/ZgZIybAl9bKbMYfpsjK7BvbZXtvd7G5t7t4v1NPcj5JIxlvFykeJMXHyc20l3y1fLIernjSfj5cX37rk8/2Pm23xuulWr/Rb7vB7NRLZpKM1eVJjXfrqccrujMsE3atkzgYtnNJWof8/MpBT38Xnvq8BUZB0b5vdrXqM3u6Os0zWb8PaN8V2/fsZ9rOsAMAAACAM/D8fvaznYvDjgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeJfXv/1e/+j/ZfSrFTIrO7/9PdPrr+mgaMLKHjdMOBAAAAAAAAABO3yv72c92LnbarSKNJK9WjUvV43N5N5tZy0auZzur2cpWNjKfZLpnoInt1a2tjfkBtlw4csuFAQOeevo5AwAAAAAAAMAX0G+ycvD//wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAqKZKxdVMulTn06jfEkk0kmyvV2kn916s+yh8MOAAAAAM7A8/vZz3YudtqtovrMf6X63D+Zd/MgW1nPVppZy+3qu4D2p/7G3u5ic2938X65PD7u9/9zrDCqEdP+7uHoPV+t1pjKnaxXz1zPrbydZm6nUW1ZutqJ5+i4fl3GVHyvNmBkt+uynPkf6/L0jQ2wznSVkXPdjMzVsZXZeKF/Jg6/OjvH3dN8Gt1vfi6dQs4v1GWRPPfjM8v5IOpMvJI6Ews9R9+V/plIvv7XP//sbvPBvbt3NmdHZ0rHcL7VanXqjx4Tiz2ZeOkLn4lec1UmLnfbK/lRfprZzOTNbGQ9v8hqtrKWmfywqq3Wx3P5ON0/UzcPtd6sHqeeHMlE/bq0rx7Hi+nVatuLWc9P8nZuZy2vV/8WMp9vZylLWe55hS8PcNY3jnfWX/tGXSkn+If+Ez1jZV5fqPP6QXLomjtd9fU+c5ClFDnpa+P41+pKuY/f1uVoeDQT8z2ZeLH/8fKn6rKy2Xxwb+Pu6jsD7u+1uizPo9+P1F2iPF6+Ur5YVevw0VH2vXhk33zVd6nb13is73K37/+dqRP1e7jHR1qo+l46sm+x6rva03fU+y0ARt6Fb16YmPr31D+nPpr63dTdqTcmf3D+O+dfnsi5f5z77vjc2GuNl4u/5KP86uDzPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Pltvvf+vdVmc23jkUqr1frgCV2ftzKW42z197+d5N47v0d0gtM52crkcVZujUbMx6n8t9VqnciAO30O2hOrtGojkbohVYZ8YQJO3Y2t++/c2Hzv/W+td26RS0vLc8tLry/euLPeXJtrPw45SOBUHNz0hx0JAAAAAAAAAAAAMKiz+HOCYc8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeLatzGb8YYrMz12fK9t7u4vNcunUD9YcT9JIUvwyKT5Obqa9ZLpnuOJJ+/lwffmtTz7b+/RgrPHO+o1+2w1mp14yk2SsLk9qvFtPPV7RnWGZsGudxMGw/S8AAP//C8wPrA==") creat(&(0x7f0000000000)='./file1\x00', 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) eventfd(0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) open(0x0, 0x140, 0x20) syz_open_procfs(0x0, &(0x7f0000000200)='oom_score\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000009c0)=0x1) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x101a02, 0x0) write$tcp_congestion(r3, &(0x7f0000000140)='hybla\x00', 0x6) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioperm(0xa1, 0x7, 0xab39) timer_create(0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="043e1f0a"], 0x22) r4 = openat$cgroup_ro(r0, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x2000402) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)=@o_path={&(0x7f0000000140)='./file1\x00', 0xffffffffffffffff, 0x4000, r4}, 0x18) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0) 13.451371615s ago: executing program 1: syz_mount_image$xfs(&(0x7f0000000800), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000000)={[{@largeio}, {@usrquota}]}, 0x5, 0xb8e1, &(0x7f0000013cc0)="$eJzs3QtsXXUdwPHTru1WUFlEoxEJZYMNhFHaznU8lLaMjTIoyASq4zWgjMlghi0Kg0jRGFBCphJfIUZeIgbiA2d8gGFqYCCBjSAMRAUTGWDCa5gNNVBzes/t2ruuof/t/6+jn0+ynnvO7e/s9n77P5eSte2eu6Ajy2qykt6s0g3Lj32u8cb2H3xz2n2HL7626vXS0bZJxd0NxXbfYjsl6z9ZW367unSo5jurf1Gd71QPPu9u9fVV78my9xW7bcW2tbS5vKn8fn0VisOTy/dXDzyMqq+W/gyoz998ec6U8wafJ3/HLMsO3eYDHae62+fNLZ6TbFC3CcXdVVvv69/WlP4c9ccsO2pttt3PjzGVP87JZ6z6wpNj/UB2Bd3t8zor+rcVnauK9dhQuQbHo8rP83PPbFpWPIVVg69Hu5ru9rnHZyOs43/+5Ru9faXrZm2WZXVZlk3MsmzSWPdg52jvaOnIr/nl/SJ7ef1PHu7z4s7/Xv2zLMveXbxOHFZ+LQB2Le0dLUcPs/7rRlr/dx23/ibrH3Z9ne0dLflar1j/k0Za/9PuPmZh8UV3a2nqrbH9IAAAAACAYS2/bOWFi5Yu7bnEDTfccGPgxlhfmYDYti76sX4kQGop/nNirD9GAAAAGO86u9pfmlA15NCEwTt7P9zTv525pfuClXfPOaG8Le6eP8wph3yff19fX9/q05eeU+xOrPh+2UmVw/n5l9y36NJit6Hy+w9q+4/WZmefv2Rpz6H5XzW1Nrs032nKzzutNvtavtOc70yvzW7Pd1r6d+qzNfnOIecuW3pefuCAwGfsnaWzqzebMKRYNuSzYXD/Jff1/qq8HeGU5bP1/1CJvP/mplvuqrivbDv9B86/7//hzxd4Rxld/2uuKW9HOOU263/94llNw923/f4D55+if1zDXP+HNKq87ldc/xuGOeXA/K9P+/pzef8ZP113bXGo5u1c/wedf2pl//6TD1z/81PtV77+568t++/QkzEOdXZd9dJI63/k/jUfKt6tetDswNla+m77TN7/nuvaHi8O1Y6y/34jrf+qhm2uJ4xSZ9dNfRXrfxT9s+nDnHKgybvmdK7O+7/25iOPDrpvNP33r+zfuOKizzYuv2zljCUXLVrcs7jn4pbmWa3NrU2zZ89q7L8klN7u2JMyjuzY+s92q5ipyrL9B+ZnX3HMhrz/n28+9dbi0KRR9p824vo/e+hjZZAp1VldXXbpohUrLmkqvS3vNpfelt5tmP6jeP2fWv4iqr7YVmXZBwfmD7zy9YPz/ndu2HRLcahulP2nj9S/buvfS6AdXP/nVcwM6f/QIz035/2XH/ThC4tDo339P2DE9d9r/e+ozq6K/+Gzk+X9T958xMbA8QN9/RdXiv71G1tXBY5/RP+4UvRf82LL7YHjB+kfV4r+997feEbg+MH6x5Wi/+cePGhl4PgM/eNK0X/GU9P3DBw/RP+4UvT/xxNTZwaON+ofV4r+Jz174dWB44fqH1eK/t99ZdmNgeNN+seVov/v+859MHC8Wf+4UvTf/dXFLweOt+gfV4r+K565fK/A8Zn6x5Wi/2/XX3lk4PhH9Y8rRf+Na5afEjg+S/+4UvRvXPf5SwLHW/WPK0X/F1/44W8Cx2frH1eK/g3P3/K9wPHD9I8rRf/Lt/zkX4Hjh+sfV4r+d71xx2OB40foH1eK/g9v+OW0wPEj9Y8rRf+aJ38e+u80P6Z/XCn6n/XAvRcEjn9c/7hS9P/W2rtPDBw/avv9a3bWQxzXUvTve/bEZwPH26z/uFL0n/XK/NDfD9uuf1wp+l/UN+/HgeMd+seVov+trx79lcDxo/WPK0X/p58564rA8Tn6x5Wi/3vXL1wYOH6M/nGl6N+55rTmwPG5+seVon/vugXvDxyfp39cKfrPfeFLfw0cP1b/uFL0X/X81f8JHO/UP64U/f+05drrA8eP0z+uFP33fmPV6sDx+frHlaL/ORuubw8cP17/uFL0v+PJb58fOH6C/nGl6P/qAzfsETjepX9cKfoftvb7oT9s/UT940rR/7rXNtwQOH6S/nGl6D/nrcfuCRz/hP5xpei/z8vPPB44frL+caXo/8Tfn94UOL5A/7hS9P/RI2snBo5/Uv+4UvQ/+3d/GO73hLwdp+gfV4r+Rzy6rjNw/FT940rRf9PfHro4cPw0/eNK0X/mv/e6LXC8W/+4UvR/c/M+VwWOf0r/uFL0v23jni8Ejn9a/7hS9F/24gfWBY4v1D+uFP0n37/74YHjp+sfV4r+Tz24x96B42foH1eK/l98asKKwPEz9Y8rRf/5T0xcEDh+lv4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyPHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCnt3Am/5XPh//MzKCCGVFI2dsitLKkbW0mILkSXryBayF1pkaSEp0mInbQoVslSkiKypVEppUZLs+/8xZq4Y7/Gb+vf7TXk/n4/H3HPPOd85PvfzOp/vPe73nu8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBtttPp6qwwGIyddO/Bp9x+3+5q3LnH8uFOOXvDSV213+LC7Jt668vST7h772GQGjz/YyhPuGz5xk5HHnH3K8AlXhj/5cWcYM2bYzINhs+dR7bfZ/zDsWYY+mfigYweDwbDDJv55wpgJH1a65ZYb/ofHqrbRuDVWnzB5E/880W3EpLsn3f7E5yMn/llx88FgxU0HU3x+THvr3nbTPdN6DP8NNhq3xlqT9R9M6vx498nXd6vJn+fnXrvjitM03L/JRuNWX3tC6ymt49M2XPmUxx7fr488fjAYecJgMPLEwWDkSdO6B/8e41ZZZpUJ+/yh6xOrHzj0giDt34fNs97GMwwGg1ETv0+MPHnoewHw32XcKsu8Lqz/0UP3p/W/0i0zz2n9w3+/tcatsszgSa/zJ9564ND/38f1f+uIdY6cdiMGAAAA/lmP3n7ehZOO9Q0fDOYeTHa893GTfi4w7MyLr756mg30P0M4Tvb035n4LzOh8/RnjB0Mdt5gWg+FaWDYtB4A05T+3fTvpn83/bvp303/bvp307+b/t3076Z/N/276V9sCsf/Zxm6HHfU+q+dtOkCy82+4dmT//0Jt03/fz7qaebZevx/MH7YxJYTmo8fDAZvGrfu+gsPBoOzN5x9uXkHT9y3/IT7VpxtxKQTBCz8+McFpvDAY598OcMTj3Hm44+/1mMnjBg22SCe5I2rnr/v9hvd94rJLxea8tfxxPklzl5r1RmH3ssyfLKNpvRcHXr8oa9l8s6Txr7whLEvscdOuy6x+z77LjZ+py2322a7bXZeZulll1t6uaWWX37ZJbYdv+M2S078OIU5mzgr803NnI2efM5uH/fkOZv8a5vSnI195jl7/BFvPXLDc4fmbOQ/OWfzPfOcjR0/NNaxowZbPD41E/6T848a7D3hylLTPWnfMseEbV892/DB4Ih/fKETPpvuiefgsAPH/xvOWzLpcp5Jl/PG85acM6XzlgyGzlsydMKEFSZe7HHB0HaTv8960s1Tfd6SvVZ5eN7B096X9b/iX/r+/7Reyw97YqKGThoyaZuJvf5xnomhaVv5SeeZWC6dS+bf6WnjHTv8ied1Gu+k98UNm2z+n+l9cYPttt1/gUlRl5v4tx79l6Pkfcfaj3+c0noeO9nlM+07Rvzj03/cus2Vc02+73jDlIf4lHUxNEfTTbbRlPYde2956fgn75umsO9Ye/ykNxr/Y98x4T8739C+Y8LYFxw1OGLClaUnXFlo1OD0CVeWefzKmMHFE64svtUuO2497PHvV097Hiw87Cm/8Biet6tP9rydivPjrHT5YLDSZenrmvJ0Zul5O/oZxpvfzz14xvdzX7TlPGcNBoOZJn1dKwyN/V+Rxjvymccbzj8xeKbzTwxOuHrPk/7N431inT3+XJu0m154Cn/nKetslqets4NGPGllTO3rmq3D9hM/n+OJRztxm6uuGJqjUZM97v/0PXroa0n9h17zPdmwAwfDnmlupvQ67ClzM/Mzz83Uvn5ZeNILjDHPMDeL3nXAIkNzM/qfnJuFpjA3T349/GSjB4MxT52bkYPVJryimTQ3C07N3Mz473nezBC2n/j5Ak/cdONq+y8/NDdhLuL3/6HHX/CfnJthWzzxvJn/8fvmHT4YPXqw95Z77LHbUhM/Dl1deuLHZ16D80/NXE7/75nLOSftdYY/fXKeuGmHUx9b5l9dg/P/s3M5djB86P+5x0++WP59/Pynm/7d9O+mfzf9u+nfTf9u+hebwvH/sUM/Fzx02MnrTfphzKhL7pt1j2k93mnsWX38f1Lfpxz/32PW+y4ZPnjivmc8Pjtxm//I47PLTbzYb6mh7SY/Pjjp5qk+PnvP4ZdtPPi/OT77Lxlaq1Pxc0P7/276d9O/m/7d9O+mf7d/tv9K/0vjYNqw/rvp303/bvp307+b/t30LzaF4/9LDv0ewDW7P3zypAOho3Zff8WHpvV4p7Fn9fH/SX2fcvz/oRXX33344In7nvH4/8RtOo7/r3jzsQcP/oOP/w+tVcf/+R/o303/bvp307+b/t3076Z/N/276d9N/276d9O/m/7FpnD8f+Wh3wMYtfN88w39PsB1dxwyYlqPdxp7th7/9+//97L/76Z/N/276d9N/276d9O/m/7d9O+mfzf9u+nfTf9u+hebdPx/MNk/e/gWz4soHP//7zaF/uvoH7X0X1f/qKX/evpHLf3X1z9q6b+B/lFL/7fqH7X031D/qKX/RvpHLf031j9q6f82/aOW/pvoH7X031T/qKX/2/WPWvpvpn/U0n9z/aOW/lvoH7X031L/qKX/O/SPWvpvpX/U0n9r/aOW/tvoH7X031b/qKX/dvpHLf231z9q6T9e/6il/w76Ry3936l/1NJ/R/2jlv476R+19N9Z/6il/y76Ry39d9U/aun/Lv2jlv676R+19N9d/6il/x76Ry39361/1NJ/T/2jlv576R+19N9b/6il/z76Ry3999U/aum/n/5RS//99Y9a+r9H/6il/3v1j1r6H6B/1NL/QP2jlv4H6R+19H+f/lFL//frH7X0/4D+UUv/D+oftfQ/WP+opf+H9I9a+h+if9TS/1D9o5b+h+kftfQ/XP+opf+H9Y9a+n9E/6il/0f1j1r6f0z/qKX/EWX9R0/ldi39jyzrP7Va+n9c/6il/1H6Ry39P6F/1NL/aP2jlv6f1D9q6f8p/aOW/sfoH7X0P1b/qKX/p/WPWvofp3/U0v8z+kct/T+rf9TS/3P6Ry39P69/1NL/eP2jlv4n6B+19D9R/6il/0n6Ry39T9Y/aul/iv5RS/9T9Y9a+p+mf9TS/3T9o5b+X9A/aul/hv5RS/8v6h+19P+S/lFL/y/rH7X0/4r+UUv/r+oftfQ/U/+opf/X9I9a+n9d/6il/1n6Ry39z9Y/aul/jv5RS/9v6B+19P+m/lFL/2/pH7X0P1f/qKX/efpHLf3P1z9q6f9t/aOW/hfoH7X0v1D/qKX/RfpHLf0v1j9q6f8d/aOW/t/VP2rp/z39o5b+l+gftfS/VP+opf/39Y9a+l+mf9TS/wf6Ry39f6h/1NL/cv2jlv5X6B+19P+R/lFL/yv1j1r6X6V/1NL/x/pHLf2v1j9q6X+N/lFL/2v1j1r6X6d/1NL/ev2jlv436B+19P+J/lFL/xv1j1r6/1T/qKX/z/SPWvr/XP+opf9N+kct/X+hf9TS/5f6Ry39f6V/1NL/Zv2jlv6/1j9q6f8b/aOW/rfoH7X0/63+UUv/3+kftfS/Vf+opf/v9Y9a+v9B/6il/x/1j1r6/0n/qKX/bfpHLf3/rH/U0v8v+kct/W/XP2rp/1f9o5b+d+gftfT/m/5RS/879Y9a+v9d/6il/136Ry3979Y/aul/j/5RS/979Y9a+t+nf9TS/379o5b+D+gftfR/UP+opP+Ygf5RSf/Bw/pHLf0f0T9q6f+o/lFL/8f0j0r6DxvoH7X0H6Z/1NJ/uP5RS/8R+kct/UfqH7X0H6V/1NJ/tP5RS//p9I9a+k+vf9TSf4z+UUv/GfSPWvo/R/+opf+M+kct/WfSP2rpP7P+UUv/5+oftfSfRf+opf+s+kct/WfTP2rp/zz9o5b+s+sftfR/vv5RS/8X6B+19H+h/lFL/zn0j1r6v0j/qKX/nPpHLf1frH/U0v8l+kct/efSP2rpP7f+UUv/l+oftfQfq3/U0n8e/aOW/vPqH7X0n0//qKX//PpHLf0X0D9q6b+g/lFL/4X0j1r6L6x/1NJ/Ef2jlv4v0z9q6f9y/aOW/ovqH7X0X0z/qKX/4u39H3psoslubum/RHv/KWjpv6T+UUv/pfSPWvovrX/U0n8Z/aOW/q/QP2rp/0r9o5b+y+oftfRfTv+opf/y+kct/VfQP2rp/yr9o5b+K+oftfR/tf5RS//X6B+19H+t/lFL/5X0j1r6r6x/1NJ/nP5RS/9V9I9a+r9O/6il/6r6Ry39V9M/aum/uv5RS/819I9a+q+pf9TSfy39o5b+r9c/aun/Bv2jlv5r6x+19H+j/lFL/zfpH7X0f7P+UUv/t+gftfRfR/+opf+6+kct/dfTP2rpv77+UUv/DfSPWvq/Vf+opf+G+kct/TfSP2rpv7H+UUv/t+kftfTfRP+opf+m+kct/d+uf9TSfzP9o5b+m+sftfTfQv+opf+W+kct/d+hf9TSfyv9o5b+W+sftfTfRv+opf+2+kct/bfTP2rpv73+UUv/8fpHLf130D9q6f9O/aOW/jvqH7X030n/qKX/zvpHLf130T9q6b/rlPuP+T8Z13+olv7vsv6jlv676R+19N9d/6il/x76Ry39361/1NJ/T/2jlv576R+19N9b/6il/z76Ry3999U/aum/n/5RS//99Y9a+r9H/6il/3v1j1r6H6B/1NL/wLb+U/lbDS39D2rrP5Va+r9P/6il//v1j1r6f0D/qKX/B/WPWvofrH/U0v9D+kct/Q/RP2rpf6j+UUv/w/SPWvofrn/U0v/D+kct/T+if9TS/6P6Ry39P6Z/1NL/CP2jlv5H6h+19P+4/lFL/6P0j1r6f0L/qKX/0fpHLf0/qX/U0v9T+kct/Y/RP2rpf6z+UUv/T+sftfQ/Tv+opf9n9I9a+n9W/6il/+f0j1r6f17/qKX/8fpHLf1P0D9q6X+i/lFL/5P0j1r6n6x/1NL/FP2jlv6n6h+19D9N/6il/+n6Ry39v6B/1NL/DP2jlv5f1D9q6f8l/aOW/l/WP2rp/xX9o5b+X9U/aul/pv5RS/+v6R+19P+6/lFL/7P0j1r6n61/1NL/HP2jlv7f0D9q6f9N/aOW/t/SP2rpf67+UUv/8/SPWvqfr3/U0v/b+kct/S/QP2rpf6H+UUv/i/SPWvpfrH/U0v87+kct/b+rf9TS/3v6Ry39L9E/aul/qf5RS//v6x+19L9M/6il/w/0j1r6/1D/qKX/5fpHLf2v0D9q6f8j/aOW/lfqH7X0v0r/qKX/j/WPWvpfrX/U0v8a/aOW/tfqH7X0v07/qKX/9fpHLf1v0D9q6f8T/aOW/jfqH7X0/+lgMBg9rcb0H6yl/8+s/6il/8/1j1r636R/1NL/F/pHLf1/qX/U0v9X+kct/W/WP2rp/2v9o5b+v9E/aul/i/5RS//f6h+19P+d/lFL/1v1j1r6/17/qKX/H/SPWvr/Uf+opf+f9I9a+t+mf9TS/8/6Ry39/6J/1NL/dv2jlv5/1T9q6X+H/lFL/7/pH7X0v1P/qKX/3/WPWvrfpX/U0v9u/aOW/vfoH7X0v1f/qKX/ffpHLf3v1z9q6f+A/lFL/wf1j1r6P6R/1NL/Yf2jlv6P6B+19H9U/6il/2P6RyX9H/9U/6dr6T9M/6il/3D9o5b+I/SPWvqP1D9q6T9K/6il/2j9o5b+0+kftfSfXv+opf8Y/aOW/jPoH7X0f47+UUv/GfWPWvrPpH/U0n9m/aOW/s/VP2rpP4v+UUv/WfWPWvrPpn/U0v95+kct/WfXP2rp/3z9o5b+L9A/aun/Qv2jlv5z6B+19H+R/lFL/zn1j1r6v1j/qKX/S/SPWvrPpX/U0n9u/aOW/i/VP2rpP1b/qKX/PPpHLf3n1T9q6T+f/lFL//n1j1r6L6B/1NJ/Qf2jlv4L6R+19F9Y/6il/yL6Ry39X6Z/1NL/5fpHLf0X1T9q6b+Y/lFL/8X1j1r6L6F/1NJ/Sf2jlv5L6R+19F9a/6il/zL6Ry39X6F/1NL/lfpHLf2X1T9q6b+c/lFL/+X1j1r6r6B/1NL/VfpHLf1X1D9q6f9q/aOW/q/RP2rp/1r9o5b+K+kftfRfeQr9Z1vi/2pg/5la+o+z/qOW/qvoH7X0f53+UUv/VfWPWvqvpn/U0n91/aOW/mvoH7X0X1P/qKX/WvpHLf1fr3/U0v8N+kct/dfWP2rp/0b9o5b+b9I/aun/Zv2jlv5v0T9q6b+O/lFL/3X1j1r6r6d/1NJ/ff2jlv4b6B+19H+r/lFL/w31j1r6b6R/1NJ/Y/2jlv5v0z9q6b+J/lFL/031j1r6v13/qKX/ZvpHLf031z9q6b+F/lFL/y31j1r6v0P/qKX/VvpHLf231j9q6b+N/lFL/231j1r6b6d/1NJ/e/2jlv7j9Y9a+u+gf9TS/536Ry39d9Q/aum/k/5RS/+d9Y9a+u+if9TSf1f9o5b+79I/aum/m/5RS//d9Y9a+u+hf9TS/936Ry3999Q/aum/l/5RS/+99Y9a+u+jf9TSf1/9o5b+++kftfTfX/+opf979I9a+r9X/6il/wH6Ry39D9Q/aul/kP5RS//36R+19H+//lFL/w/oH7X0/6D+UUv/g/WPWvp/SP+opf8h+kct/Q/VP2rpf5j+UUv/w/WPWvp/WP+opf9H9I9a+n9U/6il/8f0j1r6H6F/1NL/SP2jlv4f1z9q6X+U/lFL/0/oH7X0P1r/qKX/J/WPWvp/qqz/gVO5XUv/Y8r6T62W/sfqH7X0/7T+UUv/4/SPWvp/Rv+opf9n9Y9a+n9O/6il/+f1j1r6H69/1NL/BP2jlv4n6h+19D9J/6il/8n6Ry39T9E/aul/qv5RS//T9I9a+p+uf9TS/wv6Ry39z9A/aun/Rf2jlv5f0j9q6f9l/aOW/l/RP2rp/1X9o5b+Z+oftfT/mv5RS/+v6x+19D9L/6il/9n6Ry39z9E/aun/Df2jlv7f1D9q6f8t/aOW/ufqH7X0P0//qKX/+fpHLf2/rX/U0v8C/aOW/hfqH7X0v0j/qKX/xfo/xdyTLlv6f0f/qKX/d/WPWvp/T/+opf8l+kct/S/VP2rp/339o5b+l+kftfT/gf5RS/8f6h+19L9c/6il/xX6Ry39f6R/1NL/Sv2jlv5X6R+19P+x/lFL/6v1j1r6X6N/1NL/Wv2jlv7X6R+19L9e/6il/w36Ry39f6J/1NL/Rv2jlv4/1T9q6f8z/aOW/j/XP2rpf5P+UUv/X+gftfT/pf5RS/9f6R+19L9Z/6il/6/1j1r6/0b/qKX/LfpHLf1/q3/U0v93+kct/W/VP2rp/3v9o5b+f9A/aun/R/2jlv5/0j9q6X+b/lFL/z/rH7X0/4v+UUv/2/WPWvr/Vf+opf8d+kct/f+mf9TS/079o5b+f9c/aul/l/5RS/+79Y9a+t+jf9TS/179o5b+9+kftfS/X/+opf8D+kct/R/UP2rp/5D+UUv/h/WPWvo/on/U0v9R/aOW/o/pH5X0HzHQP2rpP0z/qKX/cP2jlv4j9I9a+o/UP2rpP0r/qKX/aP2jlv7T6R+19J9e/6il/xj9o5b+M+gftfR/jv5RS/8Z9Y9a+s+kf9TSf2b9o5b+z9U/auk/i/5RS/9Z9Y9a+s+mf9TS/3n6Ry39Z9c/aun/fP2jlv4v0D9q6f9C/aOW/nPoH7X0f5H+UUv/OfWPWvq/WP+opf9L9I9a+s+lf9TSf279o5b+L9U/auk/Vv+opf88+kct/efVP2rpP5/+UUv/+fWPWvovoH/U0n9B/aOW/gvpH7X0X1j/qKX/IvpHLf1fpn/U0v/l+kct/RfVP2rpv5j+UUv/xfWPWvovoX/U0n9J/aOW/kvpH7X0X1r/qKX/MvpHLf1foX/U0v+V+kct/ZfVP2rpv5z+UUv/5Xv7T/dMd7b0X6G3/zNq6f8q/aOW/ivqH7X0f7X+UUv/1+gftfR/rf5RS/+V9I9a+q+sf9TSf5z+UUv/VfSPWvq/Tv+opf+q+kct/VfTP2rpv7r+UUv/NfSPWvqvqX/U0n8t/aOW/q/XP2rp/wb9o5b+a+sftfR/o/5RS/836R+19H+z/lFL/7foH7X0X0f/qKX/uvpHLf3X0z9q6b++/lFL/w30j1r6v1X/qKX/hvpHLf030j+a2H/6wbO9/8b6Ry3r/236Ry39N9E/aum/qf5RS/+36x+19N9M/6il/+b6Ry39t9A/aum/pf5RS/936B+19N9K/6il/9b6Ry39t9E/aum/rf5RS//t9I9a+m+vf9TSf7z+UUv/HfSPWvq/U/+opf+O+kct/XfSP2rpv7P+UUv/XfSPWvrvqn/U0v9d+kct/XfTP2rpv7v+UUv/PfSPWvq/W/+opf+e+kct/ffSP2rpv7f+UUv/ffSPWvrvq3/U0n8//aOW/vvrH7X0f4/+UUv/9+oftfQ/QP+opf+B+kct/Q/SP2rp/z79o5b+79c/aun/Af2jlv4f1D9q6X+w/kMee+xJV1r6f0j/qKX/IfpHLf0P1T9q6X+Y/lFL/8P1j1r6f1j/qKX/R/SPWvp/VP+opf/H9I9a+h+hf9TS/0j9o5b+H9c/aul/lP5RS/9P6B+19D9a/6il/yf1j1r6f0r/qKX/MfpHLf2P1T9q6f9p/aOW/sfpH7X0/4z+UUv/z+oftfT/nP5RS//P6x+19D9e/6il/wn6Ry39T9Q/aul/kv5RS/+T9Y9a+p+if9TS/1T9o5b+p+kftfQ/Xf+opf8X9I9a+p+hf9TS/4v6Ry39v6R/1NL/y/pHLf2/on/U0v+r+kct/c/UP2rp/zX9o5b+X9c/aul/lv5RS/+z9Y9a+p+jf9TS/xv6Ry39v6l/1NL/W/pHLf3P1T9q6X+e/lFL//P1j57N/Vf+x60jvq1/9Gzu/+T1f4H+UUv/C/WPWvpfpH/U0v9i/aOW/t/RP2rp/139o5b+39M/aul/if5RS/9L9Y9a+n9f/6il/2X6Ry39f6B/1NL/h/pHLf0v1z9q6X+F/lFL/x/pH7X0v1L/qKX/VfpHLf1/rH/U0v9q/aOW/tfoH7X0v1b/qKX/dfpHLf2v1z9q6X+D/lFL/5/oH7X0v1H/qKX/T/WPWvr/TP+opf/P9Y9a+t+kf9TS/xf6Ry39f6l/1NL/V/pHLf1v1j9q6f9r/aOW/r/RP2rpf4v+UUv/3+oftfT/nf5RS/9b9Y9a+v9e/6il/x/0j1r6/1H/qKX/n/SPWvrfpn/U0v/P+kct/f+if9TS/3b9o5b+f9U/aul/h/5RS/+/6R+19L9T/6il/9/1j1r636V/1NL/bv2jlv736B+19L9X/6il/336Ry3979c/aun/gP5RS/8H9Y9a+j+kf9TS/2H9o5b+j+gftfR/VP+opf9j+kcl/UcO9I9a+g/TP2rpP/x/7D/if3dc/6Fa+o+w/qOW/iP1j1r6j9I/auk/Wv+opf90+kct/afXP2rpP0b/qKX/DPpHLf2fo3/U0n9G/aOW/jPpH7X0n1n/qKX/c/WPWvrPon/U0n9W/aOW/rPpH7X0f57+UUv/2fWPWvo/X/+opf8L9I9a+r9Q/6il/xz6Ry39X6R/1NJ/Tv2jlv4v1j9q6f8S/aOW/nPpH7X0n1v/qKX/S/WPWvqP1T9q6T+P/lFL/3n1j1r6z6d/1NJ/fv2jlv4L6B+19F9Q/6il/0L6Ry39F9Y/aum/iP5RS/+X6R+19H+5/lFL/0X1j1r6L6Z/1NJ/cf2jlv5L6B+19F9S/6il/1L6Ry39l9Y/aum/jP7Rs7j/mCfdOvIV+kfP4v5PWf+v1D9q6b+s/lFL/+X0j1r6L69/1NJ/Bf2jlv6vquk//T+1dUv/FWv6/3Na+r9a/6il/2v0j1r6v1b/qKX/SvpHLf1X1j9q6T9O/6il/yr6Ry39X6d/1NJ/Vf2jlv6r6R+19F9d/6il/xr6Ry3919Q/aum/lv5RS//X6x+19H+D/lFL/7X1j1r6v1H/qKX/m/SPWvq/Wf+opf9b9I9a+q+jf9TSf139o5b+6+kftfRfX/+opf8G+kct/d+qf9TSf0P9o5b+G+kftfTfWP+opf/b9I9a+m+if9TSf1P9o5b+b9c/aum/mf5RS//N9Y9a+m+hf9TSf0v9o5b+79A/aum/lf5RS/+t9Y9a+m+jf9TSf1v9o5b+2+kftfTfXv+opf94/aOW/jvoH7X0f6f+UUv/HfWPWvrvpH/U0n9n/aOW/rvoH7X031X/qKX/u/SPWvrvpn/U0n93/aOW/nvoH7X0f7f+UUv/PfWPWvrvpX/U0n9v/aOW/vvoH7X031f/qKX/fvpHLf331z9q6f8e/aOW/u/VP2rpf4D+UUv/A/WPWvofpH/U0v99+kct/d+vf9TS/wP6Ry39P6h/1NL/YP2jlv4f0j9q6X+I/lFL/0P1j1r6H6Z/1NL/cP2jlv4f1j9q6f8R/aOW/h/VP2rp/zH9o5b+R+gftfQ/Uv+opf/H9Y9a+h+lf9TS/xP6Ry39j9Y/aun/Sf2jlv6f0j9q6X+M/lFL/2P1j1r6f1r/qKX/cfpHLf0/o3/U0v+z+kct/T+nf9TS//P6Ry39j9c/aul/gv5RS/8T9Y9a+p+kf9TS/2T9o5b+p+gftfQ/Vf+opf9p+kct/U/XP2rp/wX9o2dz/+n/cevIM/SPns39n7z+v6h/1NL/S/pHLf2/rH/U0v8r+kct/b+qf9TS/0z9o5b+X9M/aun/df2jlv5n6R+19D9b/6il/zn6Ry39v6F/1NL/m/pHLf2/pX/U0v9c/aOW/ufpH7X0P1//qKX/t/WPWvpfoH/U0v9C/aOW/hfpH7X0v1j/qKX/d/SPWvp/V/+opf/39I9a+l+if9TS/1L9o5b+39c/aul/mf5RS/8f6B+19P+h/lFL/8v1j1r6X6F/1NL/R/pHLf2v1D9q6X+V/lFL/x/rH7X0v1r/qKX/NfpHLf2v1T9q6X9dXf8bHpuarVr6X1/Xf+q09L9B/6il/0/0j1r636h/1NL/p/pHLf1/pn/U0v/n+kct/W/SP2rp/wv9o5b+v9Q/aun/K/2jlv436x+19P+1/lFL/9/oH7X0v0X/qKX/b/WPWvr/Tv+opf+t+kct/X+vf9TS/w/6Ry39/6h/1NL/T/pHLf1v0z9q6f9n/aOW/n/RP2rpf7v+UUv/v+oftfS/Q/+opf/f9I9a+t+pf9TS/+/6Ry3979I/aul/t/5RS/979I9a+t+rf9TS/z79o5b+9+sftfR/QP+opf+D+kct/R/SP2rp/7D+UUv/R/SPWvo/qn/U0v8x/aOS/qMG+kct/YfpH7X0H65/1NJ/hP5RS/+R+kct/UfpH7X0H61/1NJ/Ov2jlv7T6x+19B+jf9TSfwb9o5b+z9E/auk/o/7RE/03GTYYPIv7z6R/1LL+Z9Y/aun/XP2jlv6z6B+19J9V/6il/2z6Ry39n6d/1NJ/dv2jlv7P1z9q6f8C/aOW/i/UP2rpP4f+UUv/F+kftfSfU/+opf+L9Y9a+r9E/6il/1z6Ry3959Y/aun/Uv2jlv5j9Y9a+s+jf9TSf179o5b+8+kftfSfX/+opf8C+kct/RfUP2rpv5D+UUv/hfWPWvovon/U0v9l+kct/V+uf9TSf1H9o5b+i+kftfRfXP+opf8S+kct/ZfUP2rpv5T+UUv/pfWPWvovo3/U0v8V+kct/V+pf9TSf1n9o5b+y+kftfRfXv+opf8K+kct/V+lf9TSf0X9o5b+r9Y/aun/Gv2jlv6v1T9q6b+S/lFL/5X1j1r6j9M/aum/iv5RS//X6R+19F9V/6il/2r6Ry39V9c/aum/hv5RS/819Y9a+q+lf9TS//X6Ry3936B/1NJ/bf2jlv5v1D9q6f8m/aOW/m/WP2rp/xb9o5b+6+gfTeh//WAweLb3X1f/qGX9r6d/1NJ/ff2jlv4b6B+19H+r/lFL/w31j1r6b6R/1NJ/Y/2jlv5v0z9q6b+J/lFL/031j1r6v13/qKX/ZvpHLf031z9q6b+F/lFL/y31j1r6v0P/qKX/VvpHLf231j9q6b+N/lFL/231j1r6b6d/1NJ/e/2jlv7j9Y9a+u+gf9TS/536Ry39d9Q/aum/k/5RS/+d9Y9a+u+if9TSf1f9o5b+79I/aum/m/5RS//d9Y9a+u+hf9TS/936Ry3999Q/aum/l/5RS/+99Y9a+u+jf9TSf1/9o5b+++kftfTfX/+opf979I9a+r9X/6il/wH6Ry39D9Q/aul/kP5RS//36R+19H+//lFL/w/oH7X0/6D+UUv/g/WPWvp/SP+opf8h+kct/Q/VP2rpf5j+UUv/w/WPWvp/WP+opf9H9I9a+n9U/6il/8f0j1r6H6F/1NL/SP2jlv4f1z9q6X+U/lFL/0/oH7X0P1r/qKX/J/WPWvp/Sv+opf8x+kct/Y/VP2rp/2n9o5b+x+kftfT/jP5RS//P6h+19P+c/lFL/8/rH7X0P17/qKX/CfpHLf1P1D9q6X+S/lFL/5P1j1r6n6J/1NL/VP2jlv6n6R+19D9d/6il/xf0j1r6n6F/1NL/i1X91zx0ards6f+lqv5Tr6X/l/WPWvp/Rf+opf9X9Y9a+p+pf9TS/2v6Ry39v65/1NL/LP2jlv5n6x+19D9H/6il/zf0j1r6f1P/qKX/t/SPWvqfq3/U0v88/aOW/ufrH7X0/7b+UUv/C/SPWvpfqH/U0v8i/aOW/hfrH7X0/47+UUv/7+oftfT/nv5RS/9L9I9a+l+qf9TS//v6Ry39L9M/aun/A/2jlv4/1D9q6X+5/lFL/yv0j1r6/0j/qKX/lfpHLf2v0j9q6f9j/aOW/lfrH7X0v0b/qKX/tfpHLf2v0z9q6X+9/lFL/xv0j1r6/0T/qKX/jfpHLf1/qn/U0v9n+kct/X+uf9TS/yb9o5b+v9A/aun/S/2jlv6/0j9q6X+z/lFL/1/rH7X0/43+UUv/W/SPWvr/Vv+opf/v9I9a+t+qf9TS//f6Ry39/6B/1NL/j/pHLf3/pH/U0v82/aOW/n/WP2rp/xf9o5b+t+sftfT/q/5RS/879I9a+v9N/6il/536Ry39/65/1NL/Lv2jlv536x+19L9H/6il/736Ry3979M/aul/v/5RS/8H9I9a+j+of9TS/yH9o5b+D+sftfR/RP+opf+j+kct/R/TPyrpP3qgf9TSf5j+UUv/4fpHLf1H6B+19B+pf9TSf5T+UUv/0fpHLf2n0z9q6T+9/lFL/zH6Ry39Z9A/aun/HP2jlv4z6h+19J9J/6il/8z6Ry39n6t/1NJ/Fv2jlv6z6h+19J9N/6il//P0j1r6z65/1NL/+fpHLf1foH/U0v+F+kct/efQP2rp/yL9o5b+c+oftfR/sf5RS/+X6B+19J9L/6il/9z6Ry39X6p/1NJ/rP5RS/959I9a+s+rf9TSfz79o5b+8+sftfRfQP+opf+C+kct/RfSP2rpv7D+UUv/RfSPWvq/TP+opf/L9Y9a+i+qf9TSfzH9o5b+i+sftfRfQv+opf+S+kct/ZfSP2rpv7T+UUv/ZfSPWvq/Qv+opf8r9Y9a+i+rf9TSfzn9o5b+y+sftfRfQf+opf+r9I9a+q+of9TS/9X6Ry39X6N/1NL/tfpHLf1X0j9q6b+y/lFL/3H6Ry39V9E/aun/Ov2jlv6r6h+19F9N/6il/+r6Ry3919A/aum/pv5RS/+19I9a+r9e/6il/xv0j1r6r61/1NL/jfpHLf3fpH/U0v/N+kct/d+if9TSfx39o5b+6+oftfRfT/+opf/6+kct/TfQP2rp/1b9o5b+G+oftfTfSP+opf/G+kct/d+mf9TSfxP9o5b+m+oftfR/u/5RS//N9I9a+m+uf9TSfwv9o5b+W+oftfR/h/5RS/+t9I9a+m+tf9TSfxv9o5b+2+oftfTfTv+opf/2+kct/cfrH7X030H/qKX/O/WPWvrvqH/U0n8n/aOW/jvrH7X030X/qKX/rvpHLf3fpX/U0n83/aOW/rvrH7X030P/qKX/u/WPWvrvqX/U0n8v/aOW/nvrH7X030f/qKX/vvpHLf330z9q6b+//lFL//foH7X0f6/+UUv/A/SPWvofqH/U0v8g/aOW/u/TP2rp/379o5b+H9A/aun/Qf2jlv4H6x+19P+Q/lFL/0P0j1r6H6p/1NL/MP2jlv6H6x+19P+w/lFL/4/oH7X0/6j+UUv/j+kftfQ/Qv+opf+R+kct/T+uf9TS/yj9o5b+n9A/aul/tP5RS/9P6h+19P+U/lFL/2P0j1r6H6t/1NL/0/pHLf2P0z9q6f8Z/aOW/p/VP2rp/zn9o5b+n9c/aul/vP5RS/8T9I9a+p+of9TS/yT9o5b+J+sftfQ/Rf+opf+p+kct/U/TP2rpf7r+UUv/L+gftfQ/Q/+opf8X9Y9a+n9J/6il/5f1j1r6f0X/qKX/V/WPWvqfqX/U0v9r+kct/b+uf9TS/yz9o5b+Z+sftfQ/R/+opf839I9a+n9T/6il/7f0j1r6n6t/1NL/PP2jlv7n6x+19P+2/lFL/wv0j1r6X6h/1NL/Iv2jlv4X6x+19P+O/lFL/+/qH7X0/57+UUv/S/SPWvpfqn/U0v/7+kct/S/TP2rp/wP9o5b+P9Q/aul/uf5RS/8r9I9a+v9I/6il/5X6Ry39r9I/aun/Y/2jlv5X6x+19L9G/6il/7X6Ry39r9M/aul/vf5RS/8b9I9a+v9E/6il/436Ry39f6p/1NL/Z/pHLf1/rn/U0v8m/aOW/r/QP2rp/0v9o5b+v9I/aul/s/5RS/9f6x+19P+N/lFL/1v0j1r6/1b/qKX/7/SPWvrfqn/U0v/3+kct/f+gf9TS/4/6Ry39/6R/1NL/Nv2jlv5/1j9q6f8X/aOW/rfrH7X0/6v+UUv/O/SPWvr/Tf+opf+d+kct/f+uf9TS/y79o5b+d+sftfS/R/+opf+9+kct/e/TP2rpf7/+UUv/B/SPWvo/qH/U0v8h/aOW/g/rH7X0f0T/qKX/o/pHLf0f0z8q6T/dQP+opf8w/aOW/sP1j1r6j9A/auk/Uv+opf8o/aOW/qP1j1r6T6d/1NJ/ev2jlv5j9I9a+s+gf9TS/zn6Ry39Z9Q/auk/k/5RS/+Z9Y9a+j9X/6il/yz6Ry39Z9U/auk/m/5RS//n6R+19J9d/6il//P1j1r6v0D/qKX/C/WPWvrPoX/U0v9F+kct/efUP2rp/2L9o5b+L9E/auk/l/5RS/+59Y9a+r9U/6il/1j9o5b+8+gftfSfV/+opf98+kct/efXP2rpv4D+UUv/BfWPWvovpH/U0n9h/aOW/ovoH7X0f5n+UUv/l+sftfRfVP+opf9i+kct/RfXP2rpv4T+UUv/JfWPWvovpX/U0n9p/aOW/svoH7X0f4X+UUv/V+oftfRfVv+opf9yU9H/zpn/Nwf2n6ml//LWf9TSfwX9o5b+r9I/aum/ov5RS/9X6x+19H+N/lFL/9fqH7X0X0n/qKX/yvpHLf3H6R+19F9F/6il/+v0j1r6r6p/1NJ/Nf2jlv6r6x+19F9D/6il/5r6Ry3919I/aun/ev2jlv5v0D9q6b+2/lFL/zfqH7X0f5P+UUv/N+sftfR/i/5RS/919I9a+q+rf9TSfz39o5b+6+sftfTfQP+opf9b9Y9a+m+of9TSfyP9o5b+G+sftfR/m/5RS/9N9I9a+m+qf9TS/+36Ry39N9M/aum/uf5RS/8t9I9a+m+pf9TS/x36Ry39t9I/aum/tf5RS/9t9I9a+m+rf9TSfzv9o5b+2+sftfQfr3/U0n8H/aOW/u/UP2rpv6P+UUv/nfSPWvrvrH/U0n8X/aOW/rvqH7X0f5f+UUv/3fSPWvrvrn/U0n8P/aOW/u/WP2rpv6f+UUv/vfSPWvrvrX/U0n8f/aOW/vvqH7X030//qKX//vpHLf3fo3/U0v+9+kct/Q/QP2rpf6D+UUv/g/SPWvq/T/+opf/79Y9a+n9A/6il/wf1j1r6H6x/1NL/Q/pHLf0P0T9q6X+o/lFL/8P0j1r6H65/1NL/w/pHLf0/on/U0v+j+kct/T+mf9TS/wj9o5b+R+oftfT/uP5RS/+j9I9a+n9C/6il/9H6Ry39P6l/1NL/U/pHLf2P0T9q6X+s/lFL/0/rH7X0P07/qKX/Z/SPWvp/Vv+opf/n9I9a+n9e/6il//H6Ry39T9A/aul/ov5RS/+T9I9a+p+sf9TS/xT9o5b+p+oftfQ/Tf+opf/p+kct/b+gf9TS/wz9o5b+X9Q/aun/Jf2jlv5f1j9q6f8V/aOW/l/VP2rpf6b+UUv/r+kftfT/uv5RS/+z9I9a+p+tf9TS/xz9o5b+39A/aun/Tf2jlv7f0j9q6X+u/lFL//P0j1r6n69/1NL/2/pHLf0v0D9q6X+h/lFL/4v0j1r6X6x/1NL/O/pHLf2/q3/U0v97+kct/S/RP2rpf6n+UUv/7+sftfS/TP+opf8P9I9a+v9Q/6il/+X6Ry39r9A/aun/I/2jlv5X6h+19L9K/6il/4/1j1r6X61/1NL/Gv2jlv7X6h+19L9O/6il//X6Ry39b9A/aun/E/2jlv436h+19P+p/lFL/5/pH7X0/7n+UUv/m/SPWvr/Qv+opf8v9Y9a+v9K/6il/836Ry39f61/1NL/N/pHLf1v0T9q6f9b/aOW/r/TP2rpf6v+UUv/3+sftfT/g/5RS/8/6h+19P+T/lFL/9v0j1r6/1n/qKX/X/SPWvrfrn/U0v+v+kct/e/QP2rp/zf9o5b+d+oftfT/u/5RS/+79I9a+t+tf9TS/x79o5b+9+oftfS/T/+opf/9+kct/R/QP2rp/6D+UUv/h/SPWvo/rH/U0v8R/aOW/o/qH7X0f0z/qKT/9AP9o5b+w/SPWvoP1z9q6T9C/6il/0j9o5b+o/SPWvqP1j9q6T+d/lFL/+n1j1r6j9E/auk/g/5RS//n6B+19J9R/6il/0z6Ry39Z9Y/aun/XP2jlv6z6B+19J9V/6il/2z6Ry39n6d/1NJ/dv2jlv7P1z9q6f8C/aOW/i/UP2rpP4f+UUv/F+kftfSfU/+opf+L9Y9a+r9E/6il/1z6Ry3959Y/aun/Uv2jlv5j9Y9a+s+jf9TSf179o5b+8+kftfSfX/+opf8C+kct/RfUP2rpv5D+UUv/hfWPWvovon/U0v9l+kct/V+uf9TSf1H9o5b+i+kftfRfXP+opf8S+kct/ZfUP2rpv5T+UUv/pfWPWvovo3/U0v8Vsf9//Vf7/62l/yut/6il/7L6Ry39l9M/aum/vP5RS/8V9I9a+r9K/6il/4r6Ry39X61/1NL/NfpHLf1fq3/U0n8l/aOW/ivrH7X0H6d/1NJ/Ff2jlv6v0z9q6b+q/lFL/9X0j1r6r65/1NJ/Df2jlv5r6h+19F9L/6il/+v1j1r6v0H/qKX/2vpHLf3fqH/U0v9N+kct/d+sf9TS/y36Ry3919E/aum/rv5RS//19I9a+q+vf9TSfwP9o5b+b9U/aum/of5RS/+N9I9a+m+sf9TS/236Ry39N9E/aum/qf5RS/+36x+19N9M/6il/+b6Ry39t9A/aum/pf5RS/936B+19N9K/6il/9b6Ry39t9E/aum/rf5RS//t9I9a+m+vf9TSf7z+UUv/HfSPWvq/U/+opf+O+kct/XfSP2rpv7P+UUv/XfSPWvrvqn/U0v9d+kct/XfTP2rpv7v+UUv/PfSPWvq/W/+opf+e+kct/ffSP2rpv7f+UUv/ffSPWvrvq3/U0n8//aOW/vvrH7X0f4/+UUv/9+oftfQ/QP+opf+B+kct/Q/SP2rp/z79o5b+79c/aun/Af2jlv4f1D9q6X+w/lFL/w/pH7X0P0T/qKX/ofpHLf0P0z9q6X+4/lFL/w/rH7X0/4j+UUv/j+oftfT/mP5RS/8j9I9a+h+pf9TS/+P6Ry39j9I/aun/Cf2jlv5H6x+19P+k/lFL/0/pH7X0P0b/qKX/sfpHLf0/rX/U0v84/aOW/p/RP2rp/1n9o5b+n9M/aun/ef2jlv7H6x+19D9B/6il/4n6Ry39T9I/aul/sv5RS/9T9I9a+p+qf9TS/zT9o5b+p+sftfT/gv5RS/8z9I9a+n9R/6il/5f0j1r6f1n/qKX/V/SPWvp/Vf+opf+Z+kct/b+mf9TS/+v6Ry39z9I/aul/tv5RS/9z9I9a+n9D/6il/zf1j1r6f0v/qKX/ufpHLf3P0z9q6X++/lFL/2/rH7X0v0D/qKX/hfpHLf0v0j9q6X+x/lFL/+/oH7X0/67+UUv/7+kftfS/RP+opf+l+kct/b+vf9TS/zL9o5b+P9A/aun/Q/2jlv6X6x+19L9C/6il/4/0j1r6X6l/1NL/Kv2jlv4/1j9q6X+1/lFL/2v0j1r6X6t/1NL/Ov2jlv7X6x+19L9B/6il/0/0j1r636h/1NL/p/pHLf1/pn/U0v/n+kct/W/SP2rp/wv9o5b+v9Q/aun/K/2jlv436x+19P+1/lFL/9/oH7X0v0X/qKX/b/WPWvr/Tv+opf+t+kct/X+vf9TS/w/6Ry39/6h/1NL/T/pHLf1v0z9q6f9n/aOW/n/RP2rpf7v+UUv/v+oftfS/Q/+opf/f9I9a+t+pf9TS/+/6Ry3979I/aul/t/5RS/979I9a+t+rf9TS/z79o5b+9+sftfR/QP+opf+D+kct/R/SP2rp/7D+UUv/R/SPWvo/qn/U0v8x/aOS/mMG+kct/YfpH7X0H65/1NJ/hP5RS/+R+kct/UfpH7X0H61/1NJ/Ov2jlv7T6x+19B+jf9TSfwb9o5b+z9E/auk/o/5RS/+Z9I9a+s+sf9TS/7n6Ry39Z9E/auk/q/5RS//Z9I9a+j9P/6il/+z6Ry39n69/1NL/BfpHLf1fqH/U0n8O/aOW/i/SP2rpP6f+UUv/F+sftfR/if5RS/+59I9a+s+tf9TS/6X6Ry39x+oftfSfR/+opf+8+kct/efTP2rpP7/+UUv/BfSPWvovqH/U0n8h/aOW/gvrH7X0X0T/qKX/y/SPWvq/XP+opf+i+kct/RfTP2rpv7j+UUv/JfSPnnX9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpgAAAP//j6IATg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, 0x0) lseek(r0, 0x0, 0x3) 11.859657206s ago: executing program 2: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$kcm(0x2, 0xa, 0x2) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, &(0x7f0000000280), 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000001c0)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x100000000000000, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000580)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 10.42073006s ago: executing program 1: prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$unix(0x1, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000400000000000900020073797a3200000000140007800800064000006a000800084000005fdc0500050002000000050001000600000011000300686173683a6970"], 0x60}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000280)={0x0, 0x4b, &(0x7f0000000240)={&(0x7f0000000200)={0x24, 0x3, 0x6, 0x101, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x2) r5 = socket$unix(0x1, 0x1, 0x0) bind$unix(r5, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r5, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000280)=@broute={'broute\x00', 0x20, 0x2, 0x238, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200005c0], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000d966000000000000000000000000000000000000000000000000000018e0000000000000feffffff01000000110000000000000081006263736630000002000800000000000073697430000002000000ffff00000000626f6e643000000000000000000000007600000000010000005c121d00000000ffffffffffff0000000000000000000000000000000000000000d0000000d000000000010000766c616e000000ff030000002000000000000000000000000000000000000000080000000000007f0000000000000100766c616e000000000000000000000000000000000000000000000000000000000800000000000000000000000000000041554449540000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff01000000030000000000000000006970365f76746930000000000000000073797a6b616c6c6572300000000000006263736630000000000000000000000076657468305f746f5f7465616d000000aaaaaaaaaacc030000000000aaaaaaaaaaaa00000000000000007000000070000000a8000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000"]}, 0x2b0) 7.649282601s ago: executing program 1: sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_GETSTATE(r0, 0x80045105, 0x0) r1 = getpid() bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) prctl$PR_MCE_KILL(0x43, 0x0, 0x0) 7.430132513s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0xa, 0x45, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000300000207b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) sendmsg$unix(r3, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) 7.20017011s ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_queued\x00', 0x26e1, 0x0) close(r0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1282, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) write$cgroup_subtree(r0, &(0x7f0000000880)=ANY=[], 0x9) 4.97643235s ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='ext4_ext_show_extent\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000000), 0x400000) 4.813724051s ago: executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) r3 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) r4 = openat$cgroup_procs(r0, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) write$cgroup_freezer_state(r3, &(0x7f0000000400)='FROZEN\x00', 0x7) write$cgroup_freezer_state(r3, &(0x7f0000000080)='THAWED\x00', 0x7) 4.651847386s ago: executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='vlan0\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x2000c7fd, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) 4.533139518s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='ext4_writepages_result\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_pid(r3, &(0x7f0000000000), 0x12) 4.330709911s ago: executing program 0: syz_mount_image$xfs(&(0x7f0000000800), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000000)={[{@largeio}, {@usrquota}]}, 0x5, 0xb8e1, &(0x7f0000013cc0)="$eJzs3QtsXXUdwPHTru1WUFlEoxEJZYMNhFHaznU8lLaMjTIoyASq4zWgjMlghi0Kg0jRGFBCphJfIUZeIgbiA2d8gGFqYCCBjSAMRAUTGWDCa5gNNVBzes/t2ruuof/t/6+jn0+ynnvO7e/s9n77P5eSte2eu6Ajy2qykt6s0g3Lj32u8cb2H3xz2n2HL7626vXS0bZJxd0NxXbfYjsl6z9ZW367unSo5jurf1Gd71QPPu9u9fVV78my9xW7bcW2tbS5vKn8fn0VisOTy/dXDzyMqq+W/gyoz998ec6U8wafJ3/HLMsO3eYDHae62+fNLZ6TbFC3CcXdVVvv69/WlP4c9ccsO2pttt3PjzGVP87JZ6z6wpNj/UB2Bd3t8zor+rcVnauK9dhQuQbHo8rP83PPbFpWPIVVg69Hu5ru9rnHZyOs43/+5Ru9faXrZm2WZXVZlk3MsmzSWPdg52jvaOnIr/nl/SJ7ef1PHu7z4s7/Xv2zLMveXbxOHFZ+LQB2Le0dLUcPs/7rRlr/dx23/ibrH3Z9ne0dLflar1j/k0Za/9PuPmZh8UV3a2nqrbH9IAAAAACAYS2/bOWFi5Yu7bnEDTfccGPgxlhfmYDYti76sX4kQGop/nNirD9GAAAAGO86u9pfmlA15NCEwTt7P9zTv525pfuClXfPOaG8Le6eP8wph3yff19fX9/q05eeU+xOrPh+2UmVw/n5l9y36NJit6Hy+w9q+4/WZmefv2Rpz6H5XzW1Nrs032nKzzutNvtavtOc70yvzW7Pd1r6d+qzNfnOIecuW3pefuCAwGfsnaWzqzebMKRYNuSzYXD/Jff1/qq8HeGU5bP1/1CJvP/mplvuqrivbDv9B86/7//hzxd4Rxld/2uuKW9HOOU263/94llNw923/f4D55+if1zDXP+HNKq87ldc/xuGOeXA/K9P+/pzef8ZP113bXGo5u1c/wedf2pl//6TD1z/81PtV77+568t++/QkzEOdXZd9dJI63/k/jUfKt6tetDswNla+m77TN7/nuvaHi8O1Y6y/34jrf+qhm2uJ4xSZ9dNfRXrfxT9s+nDnHKgybvmdK7O+7/25iOPDrpvNP33r+zfuOKizzYuv2zljCUXLVrcs7jn4pbmWa3NrU2zZ89q7L8klN7u2JMyjuzY+s92q5ipyrL9B+ZnX3HMhrz/n28+9dbi0KRR9p824vo/e+hjZZAp1VldXXbpohUrLmkqvS3vNpfelt5tmP6jeP2fWv4iqr7YVmXZBwfmD7zy9YPz/ndu2HRLcahulP2nj9S/buvfS6AdXP/nVcwM6f/QIz035/2XH/ThC4tDo339P2DE9d9r/e+ozq6K/+Gzk+X9T958xMbA8QN9/RdXiv71G1tXBY5/RP+4UvRf82LL7YHjB+kfV4r+997feEbg+MH6x5Wi/+cePGhl4PgM/eNK0X/GU9P3DBw/RP+4UvT/xxNTZwaON+ofV4r+Jz174dWB44fqH1eK/t99ZdmNgeNN+seVov/v+859MHC8Wf+4UvTf/dXFLweOt+gfV4r+K565fK/A8Zn6x5Wi/2/XX3lk4PhH9Y8rRf+Na5afEjg+S/+4UvRvXPf5SwLHW/WPK0X/F1/44W8Cx2frH1eK/g3P3/K9wPHD9I8rRf/Lt/zkX4Hjh+sfV4r+d71xx2OB40foH1eK/g9v+OW0wPEj9Y8rRf+aJ38e+u80P6Z/XCn6n/XAvRcEjn9c/7hS9P/W2rtPDBw/avv9a3bWQxzXUvTve/bEZwPH26z/uFL0n/XK/NDfD9uuf1wp+l/UN+/HgeMd+seVov+trx79lcDxo/WPK0X/p58564rA8Tn6x5Wi/3vXL1wYOH6M/nGl6N+55rTmwPG5+seVon/vugXvDxyfp39cKfrPfeFLfw0cP1b/uFL0X/X81f8JHO/UP64U/f+05drrA8eP0z+uFP33fmPV6sDx+frHlaL/ORuubw8cP17/uFL0v+PJb58fOH6C/nGl6P/qAzfsETjepX9cKfoftvb7oT9s/UT940rR/7rXNtwQOH6S/nGl6D/nrcfuCRz/hP5xpei/z8vPPB44frL+caXo/8Tfn94UOL5A/7hS9P/RI2snBo5/Uv+4UvQ/+3d/GO73hLwdp+gfV4r+Rzy6rjNw/FT940rRf9PfHro4cPw0/eNK0X/mv/e6LXC8W/+4UvR/c/M+VwWOf0r/uFL0v23jni8Ejn9a/7hS9F/24gfWBY4v1D+uFP0n37/74YHjp+sfV4r+Tz24x96B42foH1eK/l98asKKwPEz9Y8rRf/5T0xcEDh+lv4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyPHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCnt3Am/5XPh//MzKCCGVFI2dsitLKkbW0mILkSXryBayF1pkaSEp0mInbQoVslSkiKypVEppUZLs+/8xZq4Y7/Gb+vf7TXk/n4/H3HPPOd85PvfzOp/vPe73nu8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBtttPp6qwwGIyddO/Bp9x+3+5q3LnH8uFOOXvDSV213+LC7Jt668vST7h772GQGjz/YyhPuGz5xk5HHnH3K8AlXhj/5cWcYM2bYzINhs+dR7bfZ/zDsWYY+mfigYweDwbDDJv55wpgJH1a65ZYb/ofHqrbRuDVWnzB5E/880W3EpLsn3f7E5yMn/llx88FgxU0HU3x+THvr3nbTPdN6DP8NNhq3xlqT9R9M6vx498nXd6vJn+fnXrvjitM03L/JRuNWX3tC6ymt49M2XPmUxx7fr488fjAYecJgMPLEwWDkSdO6B/8e41ZZZpUJ+/yh6xOrHzj0giDt34fNs97GMwwGg1ETv0+MPHnoewHw32XcKsu8Lqz/0UP3p/W/0i0zz2n9w3+/tcatsszgSa/zJ9564ND/38f1f+uIdY6cdiMGAAAA/lmP3n7ehZOO9Q0fDOYeTHa893GTfi4w7MyLr756mg30P0M4Tvb035n4LzOh8/RnjB0Mdt5gWg+FaWDYtB4A05T+3fTvpn83/bvp303/bvp307+b/t3076Z/N/276V9sCsf/Zxm6HHfU+q+dtOkCy82+4dmT//0Jt03/fz7qaebZevx/MH7YxJYTmo8fDAZvGrfu+gsPBoOzN5x9uXkHT9y3/IT7VpxtxKQTBCz8+McFpvDAY598OcMTj3Hm44+/1mMnjBg22SCe5I2rnr/v9hvd94rJLxea8tfxxPklzl5r1RmH3ssyfLKNpvRcHXr8oa9l8s6Txr7whLEvscdOuy6x+z77LjZ+py2322a7bXZeZulll1t6uaWWX37ZJbYdv+M2S078OIU5mzgr803NnI2efM5uH/fkOZv8a5vSnI195jl7/BFvPXLDc4fmbOQ/OWfzPfOcjR0/NNaxowZbPD41E/6T848a7D3hylLTPWnfMseEbV892/DB4Ih/fKETPpvuiefgsAPH/xvOWzLpcp5Jl/PG85acM6XzlgyGzlsydMKEFSZe7HHB0HaTv8960s1Tfd6SvVZ5eN7B096X9b/iX/r+/7Reyw97YqKGThoyaZuJvf5xnomhaVv5SeeZWC6dS+bf6WnjHTv8ied1Gu+k98UNm2z+n+l9cYPttt1/gUlRl5v4tx79l6Pkfcfaj3+c0noeO9nlM+07Rvzj03/cus2Vc02+73jDlIf4lHUxNEfTTbbRlPYde2956fgn75umsO9Ye/ykNxr/Y98x4T8739C+Y8LYFxw1OGLClaUnXFlo1OD0CVeWefzKmMHFE64svtUuO2497PHvV097Hiw87Cm/8Biet6tP9rydivPjrHT5YLDSZenrmvJ0Zul5O/oZxpvfzz14xvdzX7TlPGcNBoOZJn1dKwyN/V+Rxjvymccbzj8xeKbzTwxOuHrPk/7N431inT3+XJu0m154Cn/nKetslqets4NGPGllTO3rmq3D9hM/n+OJRztxm6uuGJqjUZM97v/0PXroa0n9h17zPdmwAwfDnmlupvQ67ClzM/Mzz83Uvn5ZeNILjDHPMDeL3nXAIkNzM/qfnJuFpjA3T349/GSjB4MxT52bkYPVJryimTQ3C07N3Mz473nezBC2n/j5Ak/cdONq+y8/NDdhLuL3/6HHX/CfnJthWzzxvJn/8fvmHT4YPXqw95Z77LHbUhM/Dl1deuLHZ16D80/NXE7/75nLOSftdYY/fXKeuGmHUx9b5l9dg/P/s3M5djB86P+5x0++WP59/Pynm/7d9O+mfzf9u+nfTf9u+hebwvH/sUM/Fzx02MnrTfphzKhL7pt1j2k93mnsWX38f1Lfpxz/32PW+y4ZPnjivmc8Pjtxm//I47PLTbzYb6mh7SY/Pjjp5qk+PnvP4ZdtPPi/OT77Lxlaq1Pxc0P7/276d9O/m/7d9O+mf7d/tv9K/0vjYNqw/rvp303/bvp307+b/t30LzaF4/9LDv0ewDW7P3zypAOho3Zff8WHpvV4p7Fn9fH/SX2fcvz/oRXX33344In7nvH4/8RtOo7/r3jzsQcP/oOP/w+tVcf/+R/o303/bvp307+b/t3076Z/N/276d9N/276d9O/m/7FpnD8f+Wh3wMYtfN88w39PsB1dxwyYlqPdxp7th7/9+//97L/76Z/N/276d9N/276d9O/m/7d9O+mfzf9u+nfTf9u+hebdPx/MNk/e/gWz4soHP//7zaF/uvoH7X0X1f/qKX/evpHLf3X1z9q6b+B/lFL/7fqH7X031D/qKX/RvpHLf031j9q6f82/aOW/pvoH7X031T/qKX/2/WPWvpvpn/U0n9z/aOW/lvoH7X031L/qKX/O/SPWvpvpX/U0n9r/aOW/tvoH7X031b/qKX/dvpHLf231z9q6T9e/6il/w76Ry3936l/1NJ/R/2jlv476R+19N9Z/6il/y76Ry39d9U/aun/Lv2jlv676R+19N9d/6il/x76Ry39361/1NJ/T/2jlv576R+19N9b/6il/z76Ry3999U/aum/n/5RS//99Y9a+r9H/6il/3v1j1r6H6B/1NL/QP2jlv4H6R+19H+f/lFL//frH7X0/4D+UUv/D+oftfQ/WP+opf+H9I9a+h+if9TS/1D9o5b+h+kftfQ/XP+opf+H9Y9a+n9E/6il/0f1j1r6f0z/qKX/EWX9R0/ldi39jyzrP7Va+n9c/6il/1H6Ry39P6F/1NL/aP2jlv6f1D9q6f8p/aOW/sfoH7X0P1b/qKX/p/WPWvofp3/U0v8z+kct/T+rf9TS/3P6Ry39P69/1NL/eP2jlv4n6B+19D9R/6il/0n6Ry39T9Y/aul/iv5RS/9T9Y9a+p+mf9TS/3T9o5b+X9A/aul/hv5RS/8v6h+19P+S/lFL/y/rH7X0/4r+UUv/r+oftfQ/U/+opf/X9I9a+n9d/6il/1n6Ry39z9Y/aul/jv5RS/9v6B+19P+m/lFL/2/pH7X0P1f/qKX/efpHLf3P1z9q6f9t/aOW/hfoH7X0v1D/qKX/RfpHLf0v1j9q6f8d/aOW/t/VP2rp/z39o5b+l+gftfS/VP+opf/39Y9a+l+mf9TS/wf6Ry39f6h/1NL/cv2jlv5X6B+19P+R/lFL/yv1j1r6X6V/1NL/x/pHLf2v1j9q6X+N/lFL/2v1j1r6X6d/1NL/ev2jlv436B+19P+J/lFL/xv1j1r6/1T/qKX/z/SPWvr/XP+opf9N+kct/X+hf9TS/5f6Ry39f6V/1NL/Zv2jlv6/1j9q6f8b/aOW/rfoH7X0/63+UUv/3+kftfS/Vf+opf/v9Y9a+v9B/6il/x/1j1r6/0n/qKX/bfpHLf3/rH/U0v8v+kct/W/XP2rp/1f9o5b+d+gftfT/m/5RS/879Y9a+v9d/6il/136Ry3979Y/aul/j/5RS/979Y9a+t+nf9TS/379o5b+D+gftfR/UP+opP+Ygf5RSf/Bw/pHLf0f0T9q6f+o/lFL/8f0j0r6DxvoH7X0H6Z/1NJ/uP5RS/8R+kct/UfqH7X0H6V/1NJ/tP5RS//p9I9a+k+vf9TSf4z+UUv/GfSPWvo/R/+opf+M+kct/WfSP2rpP7P+UUv/5+oftfSfRf+opf+s+kct/WfTP2rp/zz9o5b+s+sftfR/vv5RS/8X6B+19H+h/lFL/zn0j1r6v0j/qKX/nPpHLf1frH/U0v8l+kct/efSP2rpP7f+UUv/l+oftfQfq3/U0n8e/aOW/vPqH7X0n0//qKX//PpHLf0X0D9q6b+g/lFL/4X0j1r6L6x/1NJ/Ef2jlv4v0z9q6f9y/aOW/ovqH7X0X0z/qKX/4u39H3psoslubum/RHv/KWjpv6T+UUv/pfSPWvovrX/U0n8Z/aOW/q/QP2rp/0r9o5b+y+oftfRfTv+opf/y+kct/VfQP2rp/yr9o5b+K+oftfR/tf5RS//X6B+19H+t/lFL/5X0j1r6r6x/1NJ/nP5RS/9V9I9a+r9O/6il/6r6Ry39V9M/aum/uv5RS/819I9a+q+pf9TSfy39o5b+r9c/aun/Bv2jlv5r6x+19H+j/lFL/zfpH7X0f7P+UUv/t+gftfRfR/+opf+6+kct/dfTP2rpv77+UUv/DfSPWvq/Vf+opf+G+kct/TfSP2rpv7H+UUv/t+kftfTfRP+opf+m+kct/d+uf9TSfzP9o5b+m+sftfTfQv+opf+W+kct/d+hf9TSfyv9o5b+W+sftfTfRv+opf+2+kct/bfTP2rpv73+UUv/8fpHLf130D9q6f9O/aOW/jvqH7X030n/qKX/zvpHLf130T9q6b/rlPuP+T8Z13+olv7vsv6jlv676R+19N9d/6il/x76Ry39361/1NJ/T/2jlv576R+19N9b/6il/z76Ry3999U/aum/n/5RS//99Y9a+r9H/6il/3v1j1r6H6B/1NL/wLb+U/lbDS39D2rrP5Va+r9P/6il//v1j1r6f0D/qKX/B/WPWvofrH/U0v9D+kct/Q/RP2rpf6j+UUv/w/SPWvofrn/U0v/D+kct/T+if9TS/6P6Ry39P6Z/1NL/CP2jlv5H6h+19P+4/lFL/6P0j1r6f0L/qKX/0fpHLf0/qX/U0v9T+kct/Y/RP2rpf6z+UUv/T+sftfQ/Tv+opf9n9I9a+n9W/6il/+f0j1r6f17/qKX/8fpHLf1P0D9q6X+i/lFL/5P0j1r6n6x/1NL/FP2jlv6n6h+19D9N/6il/+n6Ry39v6B/1NL/DP2jlv5f1D9q6f8l/aOW/l/WP2rp/xX9o5b+X9U/aul/pv5RS/+v6R+19P+6/lFL/7P0j1r6n61/1NL/HP2jlv7f0D9q6f9N/aOW/t/SP2rpf67+UUv/8/SPWvqfr3/U0v/b+kct/S/QP2rpf6H+UUv/i/SPWvpfrH/U0v87+kct/b+rf9TS/3v6Ry39L9E/aul/qf5RS//v6x+19L9M/6il/w/0j1r6/1D/qKX/5fpHLf2v0D9q6f8j/aOW/lfqH7X0v0r/qKX/j/WPWvpfrX/U0v8a/aOW/tfqH7X0v07/qKX/9fpHLf1v0D9q6f8T/aOW/jfqH7X0/+lgMBg9rcb0H6yl/8+s/6il/8/1j1r636R/1NL/F/pHLf1/qX/U0v9X+kct/W/WP2rp/2v9o5b+v9E/aul/i/5RS//f6h+19P+d/lFL/1v1j1r6/17/qKX/H/SPWvr/Uf+opf+f9I9a+t+mf9TS/8/6Ry39/6J/1NL/dv2jlv5/1T9q6X+H/lFL/7/pH7X0v1P/qKX/3/WPWvrfpX/U0v9u/aOW/vfoH7X0v1f/qKX/ffpHLf3v1z9q6f+A/lFL/wf1j1r6P6R/1NL/Yf2jlv6P6B+19H9U/6il/2P6RyX9H/9U/6dr6T9M/6il/3D9o5b+I/SPWvqP1D9q6T9K/6il/2j9o5b+0+kftfSfXv+opf8Y/aOW/jPoH7X0f47+UUv/GfWPWvrPpH/U0n9m/aOW/s/VP2rpP4v+UUv/WfWPWvrPpn/U0v95+kct/WfXP2rp/3z9o5b+L9A/aun/Qv2jlv5z6B+19H+R/lFL/zn1j1r6v1j/qKX/S/SPWvrPpX/U0n9u/aOW/i/VP2rpP1b/qKX/PPpHLf3n1T9q6T+f/lFL//n1j1r6L6B/1NJ/Qf2jlv4L6R+19F9Y/6il/yL6Ry39X6Z/1NL/5fpHLf0X1T9q6b+Y/lFL/8X1j1r6L6F/1NJ/Sf2jlv5L6R+19F9a/6il/zL6Ry39X6F/1NL/lfpHLf2X1T9q6b+c/lFL/+X1j1r6r6B/1NL/VfpHLf1X1D9q6f9q/aOW/q/RP2rp/1r9o5b+K+kftfRfeQr9Z1vi/2pg/5la+o+z/qOW/qvoH7X0f53+UUv/VfWPWvqvpn/U0n91/aOW/mvoH7X0X1P/qKX/WvpHLf1fr3/U0v8N+kct/dfWP2rp/0b9o5b+b9I/aun/Zv2jlv5v0T9q6b+O/lFL/3X1j1r6r6d/1NJ/ff2jlv4b6B+19H+r/lFL/w31j1r6b6R/1NJ/Y/2jlv5v0z9q6b+J/lFL/031j1r6v13/qKX/ZvpHLf031z9q6b+F/lFL/y31j1r6v0P/qKX/VvpHLf231j9q6b+N/lFL/231j1r6b6d/1NJ/e/2jlv7j9Y9a+u+gf9TS/536Ry39d9Q/aum/k/5RS/+d9Y9a+u+if9TSf1f9o5b+79I/aum/m/5RS//d9Y9a+u+hf9TS/936Ry3999Q/aum/l/5RS/+99Y9a+u+jf9TSf1/9o5b+++kftfTfX/+opf979I9a+r9X/6il/wH6Ry39D9Q/aul/kP5RS//36R+19H+//lFL/w/oH7X0/6D+UUv/g/WPWvp/SP+opf8h+kct/Q/VP2rpf5j+UUv/w/WPWvp/WP+opf9H9I9a+n9U/6il/8f0j1r6H6F/1NL/SP2jlv4f1z9q6X+U/lFL/0/oH7X0P1r/qKX/J/WPWvp/qqz/gVO5XUv/Y8r6T62W/sfqH7X0/7T+UUv/4/SPWvp/Rv+opf9n9Y9a+n9O/6il/+f1j1r6H69/1NL/BP2jlv4n6h+19D9J/6il/8n6Ry39T9E/aul/qv5RS//T9I9a+p+uf9TS/wv6Ry39z9A/aun/Rf2jlv5f0j9q6f9l/aOW/l/RP2rp/1X9o5b+Z+oftfT/mv5RS/+v6x+19D9L/6il/9n6Ry39z9E/aun/Df2jlv7f1D9q6f8t/aOW/ufqH7X0P0//qKX/+fpHLf2/rX/U0v8C/aOW/hfqH7X0v0j/qKX/xfo/xdyTLlv6f0f/qKX/d/WPWvp/T/+opf8l+kct/S/VP2rp/339o5b+l+kftfT/gf5RS/8f6h+19L9c/6il/xX6Ry39f6R/1NL/Sv2jlv5X6R+19P+x/lFL/6v1j1r6X6N/1NL/Wv2jlv7X6R+19L9e/6il/w36Ry39f6J/1NL/Rv2jlv4/1T9q6f8z/aOW/j/XP2rpf5P+UUv/X+gftfT/pf5RS/9f6R+19L9Z/6il/6/1j1r6/0b/qKX/LfpHLf1/q3/U0v93+kct/W/VP2rp/3v9o5b+f9A/aun/R/2jlv5/0j9q6X+b/lFL/z/rH7X0/4v+UUv/2/WPWvr/Vf+opf8d+kct/f+mf9TS/079o5b+f9c/aul/l/5RS/+79Y9a+t+jf9TS/179o5b+9+kftfS/X/+opf8D+kct/R/UP2rp/5D+UUv/h/WPWvo/on/U0v9R/aOW/o/pH5X0HzHQP2rpP0z/qKX/cP2jlv4j9I9a+o/UP2rpP0r/qKX/aP2jlv7T6R+19J9e/6il/xj9o5b+M+gftfR/jv5RS/8Z9Y9a+s+kf9TSf2b9o5b+z9U/auk/i/5RS/9Z9Y9a+s+mf9TS/3n6Ry39Z9c/aun/fP2jlv4v0D9q6f9C/aOW/nPoH7X0f5H+UUv/OfWPWvq/WP+opf9L9I9a+s+lf9TSf279o5b+L9U/auk/Vv+opf88+kct/efVP2rpP5/+UUv/+fWPWvovoH/U0n9B/aOW/gvpH7X0X1j/qKX/IvpHLf1fpn/U0v/l+kct/RfVP2rpv5j+UUv/xfWPWvovoX/U0n9J/aOW/kvpH7X0X1r/qKX/MvpHLf1foX/U0v+V+kct/ZfVP2rpv5z+UUv/5Xv7T/dMd7b0X6G3/zNq6f8q/aOW/ivqH7X0f7X+UUv/1+gftfR/rf5RS/+V9I9a+q+sf9TSf5z+UUv/VfSPWvq/Tv+opf+q+kct/VfTP2rpv7r+UUv/NfSPWvqvqX/U0n8t/aOW/q/XP2rp/wb9o5b+a+sftfR/o/5RS/836R+19H+z/lFL/7foH7X0X0f/qKX/uvpHLf3X0z9q6b++/lFL/w30j1r6v1X/qKX/hvpHLf030j+a2H/6wbO9/8b6Ry3r/236Ry39N9E/aum/qf5RS/+36x+19N9M/6il/+b6Ry39t9A/aum/pf5RS/936B+19N9K/6il/9b6Ry39t9E/aum/rf5RS//t9I9a+m+vf9TSf7z+UUv/HfSPWvq/U/+opf+O+kct/XfSP2rpv7P+UUv/XfSPWvrvqn/U0v9d+kct/XfTP2rpv7v+UUv/PfSPWvq/W/+opf+e+kct/ffSP2rpv7f+UUv/ffSPWvrvq3/U0n8//aOW/vvrH7X0f4/+UUv/9+oftfQ/QP+opf+B+kct/Q/SP2rp/z79o5b+79c/aun/Af2jlv4f1D9q6X+w/kMee+xJV1r6f0j/qKX/IfpHLf0P1T9q6X+Y/lFL/8P1j1r6f1j/qKX/R/SPWvp/VP+opf/H9I9a+h+hf9TS/0j9o5b+H9c/aul/lP5RS/9P6B+19D9a/6il/yf1j1r6f0r/qKX/MfpHLf2P1T9q6f9p/aOW/sfpH7X0/4z+UUv/z+oftfT/nP5RS//P6x+19D9e/6il/wn6Ry39T9Q/aul/kv5RS/+T9Y9a+p+if9TS/1T9o5b+p+kftfQ/Xf+opf8X9I9a+p+hf9TS/4v6Ry39v6R/1NL/y/pHLf2/on/U0v+r+kct/c/UP2rp/zX9o5b+X9c/aul/lv5RS/+z9Y9a+p+jf9TS/xv6Ry39v6l/1NL/W/pHLf3P1T9q6X+e/lFL//P1j57N/Vf+x60jvq1/9Gzu/+T1f4H+UUv/C/WPWvpfpH/U0v9i/aOW/t/RP2rp/139o5b+39M/aul/if5RS/9L9Y9a+n9f/6il/2X6Ry39f6B/1NL/h/pHLf0v1z9q6X+F/lFL/x/pH7X0v1L/qKX/VfpHLf1/rH/U0v9q/aOW/tfoH7X0v1b/qKX/dfpHLf2v1z9q6X+D/lFL/5/oH7X0v1H/qKX/T/WPWvr/TP+opf/P9Y9a+t+kf9TS/xf6Ry39f6l/1NL/V/pHLf1v1j9q6f9r/aOW/r/RP2rpf4v+UUv/3+oftfT/nf5RS/9b9Y9a+v9e/6il/x/0j1r6/1H/qKX/n/SPWvrfpn/U0v/P+kct/f+if9TS/3b9o5b+f9U/aul/h/5RS/+/6R+19L9T/6il/9/1j1r636V/1NL/bv2jlv736B+19L9X/6il/336Ry3979c/aun/gP5RS/8H9Y9a+j+kf9TS/2H9o5b+j+gftfR/VP+opf9j+kcl/UcO9I9a+g/TP2rpP/x/7D/if3dc/6Fa+o+w/qOW/iP1j1r6j9I/auk/Wv+opf90+kct/afXP2rpP0b/qKX/DPpHLf2fo3/U0n9G/aOW/jPpH7X0n1n/qKX/c/WPWvrPon/U0n9W/aOW/rPpH7X0f57+UUv/2fWPWvo/X/+opf8L9I9a+r9Q/6il/xz6Ry39X6R/1NJ/Tv2jlv4v1j9q6f8S/aOW/nPpH7X0n1v/qKX/S/WPWvqP1T9q6T+P/lFL/3n1j1r6z6d/1NJ/fv2jlv4L6B+19F9Q/6il/0L6Ry39F9Y/aum/iP5RS/+X6R+19H+5/lFL/0X1j1r6L6Z/1NJ/cf2jlv5L6B+19F9S/6il/1L6Ry39l9Y/aum/jP7Rs7j/mCfdOvIV+kfP4v5PWf+v1D9q6b+s/lFL/+X0j1r6L69/1NJ/Bf2jlv6vquk//T+1dUv/FWv6/3Na+r9a/6il/2v0j1r6v1b/qKX/SvpHLf1X1j9q6T9O/6il/yr6Ry39X6d/1NJ/Vf2jlv6r6R+19F9d/6il/xr6Ry3919Q/aum/lv5RS//X6x+19H+D/lFL/7X1j1r6v1H/qKX/m/SPWvq/Wf+opf9b9I9a+q+jf9TSf139o5b+6+kftfRfX/+opf8G+kct/d+qf9TSf0P9o5b+G+kftfTfWP+opf/b9I9a+m+if9TSf1P9o5b+b9c/aum/mf5RS//N9Y9a+m+hf9TSf0v9o5b+79A/aum/lf5RS/+t9Y9a+m+jf9TSf1v9o5b+2+kftfTfXv+opf94/aOW/jvoH7X0f6f+UUv/HfWPWvrvpH/U0n9n/aOW/rvoH7X031X/qKX/u/SPWvrvpn/U0n93/aOW/nvoH7X0f7f+UUv/PfWPWvrvpX/U0n9v/aOW/vvoH7X031f/qKX/fvpHLf331z9q6f8e/aOW/u/VP2rpf4D+UUv/A/WPWvofpH/U0v99+kct/d+vf9TS/wP6Ry39P6h/1NL/YP2jlv4f0j9q6X+I/lFL/0P1j1r6H6Z/1NL/cP2jlv4f1j9q6f8R/aOW/h/VP2rp/zH9o5b+R+gftfQ/Uv+opf/H9Y9a+h+lf9TS/xP6Ry39j9Y/aun/Sf2jlv6f0j9q6X+M/lFL/2P1j1r6f1r/qKX/cfpHLf0/o3/U0v+z+kct/T+nf9TS//P6Ry39j9c/aul/gv5RS/8T9Y9a+p+kf9TS/2T9o5b+p+gftfQ/Vf+opf9p+kct/U/XP2rp/wX9o2dz/+n/cevIM/SPns39n7z+v6h/1NL/S/pHLf2/rH/U0v8r+kct/b+qf9TS/0z9o5b+X9M/aun/df2jlv5n6R+19D9b/6il/zn6Ry39v6F/1NL/m/pHLf2/pX/U0v9c/aOW/ufpH7X0P1//qKX/t/WPWvpfoH/U0v9C/aOW/hfpH7X0v1j/qKX/d/SPWvp/V/+opf/39I9a+l+if9TS/1L9o5b+39c/aul/mf5RS/8f6B+19P+h/lFL/8v1j1r6X6F/1NL/R/pHLf2v1D9q6X+V/lFL/x/rH7X0v1r/qKX/NfpHLf2v1T9q6X9dXf8bHpuarVr6X1/Xf+q09L9B/6il/0/0j1r636h/1NL/p/pHLf1/pn/U0v/n+kct/W/SP2rp/wv9o5b+v9Q/aun/K/2jlv436x+19P+1/lFL/9/oH7X0v0X/qKX/b/WPWvr/Tv+opf+t+kct/X+vf9TS/w/6Ry39/6h/1NL/T/pHLf1v0z9q6f9n/aOW/n/RP2rpf7v+UUv/v+oftfS/Q/+opf/f9I9a+t+pf9TS/+/6Ry3979I/aul/t/5RS/979I9a+t+rf9TS/z79o5b+9+sftfR/QP+opf+D+kct/R/SP2rp/7D+UUv/R/SPWvo/qn/U0v8x/aOS/qMG+kct/YfpH7X0H65/1NJ/hP5RS/+R+kct/UfpH7X0H61/1NJ/Ov2jlv7T6x+19B+jf9TSfwb9o5b+z9E/auk/o/7RE/03GTYYPIv7z6R/1LL+Z9Y/aun/XP2jlv6z6B+19J9V/6il/2z6Ry39n6d/1NJ/dv2jlv7P1z9q6f8C/aOW/i/UP2rpP4f+UUv/F+kftfSfU/+opf+L9Y9a+r9E/6il/1z6Ry3959Y/aun/Uv2jlv5j9Y9a+s+jf9TSf179o5b+8+kftfSfX/+opf8C+kct/RfUP2rpv5D+UUv/hfWPWvovon/U0v9l+kct/V+uf9TSf1H9o5b+i+kftfRfXP+opf8S+kct/ZfUP2rpv5T+UUv/pfWPWvovo3/U0v8V+kct/V+pf9TSf1n9o5b+y+kftfRfXv+opf8K+kct/V+lf9TSf0X9o5b+r9Y/aun/Gv2jlv6v1T9q6b+S/lFL/5X1j1r6j9M/aum/iv5RS//X6R+19F9V/6il/2r6Ry39V9c/aum/hv5RS/819Y9a+q+lf9TS//X6Ry3936B/1NJ/bf2jlv5v1D9q6f8m/aOW/m/WP2rp/xb9o5b+6+gfTeh//WAweLb3X1f/qGX9r6d/1NJ/ff2jlv4b6B+19H+r/lFL/w31j1r6b6R/1NJ/Y/2jlv5v0z9q6b+J/lFL/031j1r6v13/qKX/ZvpHLf031z9q6b+F/lFL/y31j1r6v0P/qKX/VvpHLf231j9q6b+N/lFL/231j1r6b6d/1NJ/e/2jlv7j9Y9a+u+gf9TS/536Ry39d9Q/aum/k/5RS/+d9Y9a+u+if9TSf1f9o5b+79I/aum/m/5RS//d9Y9a+u+hf9TS/936Ry3999Q/aum/l/5RS/+99Y9a+u+jf9TSf1/9o5b+++kftfTfX/+opf979I9a+r9X/6il/wH6Ry39D9Q/aul/kP5RS//36R+19H+//lFL/w/oH7X0/6D+UUv/g/WPWvp/SP+opf8h+kct/Q/VP2rpf5j+UUv/w/WPWvp/WP+opf9H9I9a+n9U/6il/8f0j1r6H6F/1NL/SP2jlv4f1z9q6X+U/lFL/0/oH7X0P1r/qKX/J/WPWvp/Sv+opf8x+kct/Y/VP2rp/2n9o5b+x+kftfT/jP5RS//P6h+19P+c/lFL/8/rH7X0P17/qKX/CfpHLf1P1D9q6X+S/lFL/5P1j1r6n6J/1NL/VP2jlv6n6R+19D9d/6il/xf0j1r6n6F/1NL/i1X91zx0ards6f+lqv5Tr6X/l/WPWvp/Rf+opf9X9Y9a+p+pf9TS/2v6Ry39v65/1NL/LP2jlv5n6x+19D9H/6il/zf0j1r6f1P/qKX/t/SPWvqfq3/U0v88/aOW/ufrH7X0/7b+UUv/C/SPWvpfqH/U0v8i/aOW/hfrH7X0/47+UUv/7+oftfT/nv5RS/9L9I9a+l+qf9TS//v6Ry39L9M/aun/A/2jlv4/1D9q6X+5/lFL/yv0j1r6/0j/qKX/lfpHLf2v0j9q6f9j/aOW/lfrH7X0v0b/qKX/tfpHLf2v0z9q6X+9/lFL/xv0j1r6/0T/qKX/jfpHLf1/qn/U0v9n+kct/X+uf9TS/yb9o5b+v9A/aun/S/2jlv6/0j9q6X+z/lFL/1/rH7X0/43+UUv/W/SPWvr/Vv+opf/v9I9a+t+qf9TS//f6Ry39/6B/1NL/j/pHLf3/pH/U0v82/aOW/n/WP2rp/xf9o5b+t+sftfT/q/5RS/879I9a+v9N/6il/536Ry39/65/1NL/Lv2jlv536x+19L9H/6il/736Ry3979M/aul/v/5RS/8H9I9a+j+of9TS/yH9o5b+D+sftfR/RP+opf+j+kct/R/TPyrpP3qgf9TSf5j+UUv/4fpHLf1H6B+19B+pf9TSf5T+UUv/0fpHLf2n0z9q6T+9/lFL/zH6Ry39Z9A/aun/HP2jlv4z6h+19J9J/6il/8z6Ry39n6t/1NJ/Fv2jlv6z6h+19J9N/6il//P0j1r6z65/1NL/+fpHLf1foH/U0v+F+kct/efQP2rp/yL9o5b+c+oftfR/sf5RS/+X6B+19J9L/6il/9z6Ry39X6p/1NJ/rP5RS/959I9a+s+rf9TSfz79o5b+8+sftfRfQP+opf+C+kct/RfSP2rpv7D+UUv/RfSPWvq/TP+opf/L9Y9a+i+qf9TSfzH9o5b+i+sftfRfQv+opf+S+kct/ZfSP2rpv7T+UUv/ZfSPWvq/Qv+opf8r9Y9a+i+rf9TSfzn9o5b+y+sftfRfQf+opf+r9I9a+q+of9TS/9X6Ry39X6N/1NL/tfpHLf1X0j9q6b+y/lFL/3H6Ry39V9E/aun/Ov2jlv6r6h+19F9N/6il/+r6Ry3919A/aum/pv5RS/+19I9a+r9e/6il/xv0j1r6r61/1NL/jfpHLf3fpH/U0v/N+kct/d+if9TSfx39o5b+6+oftfRfT/+opf/6+kct/TfQP2rp/1b9o5b+G+oftfTfSP+opf/G+kct/d+mf9TSfxP9o5b+m+oftfR/u/5RS//N9I9a+m+uf9TSfwv9o5b+W+oftfR/h/5RS/+t9I9a+m+tf9TSfxv9o5b+2+oftfTfTv+opf/2+kct/cfrH7X030H/qKX/O/WPWvrvqH/U0n8n/aOW/jvrH7X030X/qKX/rvpHLf3fpX/U0n83/aOW/rvrH7X030P/qKX/u/WPWvrvqX/U0n8v/aOW/nvrH7X030f/qKX/vvpHLf330z9q6b+//lFL//foH7X0f6/+UUv/A/SPWvofqH/U0v8g/aOW/u/TP2rp/379o5b+H9A/aun/Qf2jlv4H6x+19P+Q/lFL/0P0j1r6H6p/1NL/MP2jlv6H6x+19P+w/lFL/4/oH7X0/6j+UUv/j+kftfQ/Qv+opf+R+kct/T+uf9TS/yj9o5b+n9A/aul/tP5RS/9P6h+19P+U/lFL/2P0j1r6H6t/1NL/0/pHLf2P0z9q6f8Z/aOW/p/VP2rp/zn9o5b+n9c/aul/vP5RS/8T9I9a+p+of9TS/yT9o5b+J+sftfQ/Rf+opf+p+kct/U/TP2rpf7r+UUv/L+gftfQ/Q/+opf8X9Y9a+n9J/6il/5f1j1r6f0X/qKX/V/WPWvqfqX/U0v9r+kct/b+uf9TS/yz9o5b+Z+sftfQ/R/+opf839I9a+n9T/6il/7f0j1r6n6t/1NL/PP2jlv7n6x+19P+2/lFL/wv0j1r6X6h/1NL/Iv2jlv4X6x+19P+O/lFL/+/qH7X0/57+UUv/S/SPWvpfqn/U0v/7+kct/S/TP2rp/wP9o5b+P9Q/aul/uf5RS/8r9I9a+v9I/6il/5X6Ry39r9I/aun/Y/2jlv5X6x+19L9G/6il/7X6Ry39r9M/aul/vf5RS/8b9I9a+v9E/6il/436Ry39f6p/1NL/Z/pHLf1/rn/U0v8m/aOW/r/QP2rp/0v9o5b+v9I/aul/s/5RS/9f6x+19P+N/lFL/1v0j1r6/1b/qKX/7/SPWvrfqn/U0v/3+kct/f+gf9TS/4/6Ry39/6R/1NL/Nv2jlv5/1j9q6f8X/aOW/rfrH7X0/6v+UUv/O/SPWvr/Tf+opf+d+kct/f+uf9TS/y79o5b+d+sftfS/R/+opf+9+kct/e/TP2rpf7/+UUv/B/SPWvo/qH/U0v8h/aOW/g/rH7X0f0T/qKX/o/pHLf0f0z8q6T/dQP+opf8w/aOW/sP1j1r6j9A/auk/Uv+opf8o/aOW/qP1j1r6T6d/1NJ/ev2jlv5j9I9a+s+gf9TS/zn6Ry39Z9Q/auk/k/5RS/+Z9Y9a+j9X/6il/yz6Ry39Z9U/auk/m/5RS//n6R+19J9d/6il//P1j1r6v0D/qKX/C/WPWvrPoX/U0v9F+kct/efUP2rp/2L9o5b+L9E/auk/l/5RS/+59Y9a+r9U/6il/1j9o5b+8+gftfSfV/+opf98+kct/efXP2rpv4D+UUv/BfWPWvovpH/U0n9h/aOW/ovoH7X0f5n+UUv/l+sftfRfVP+opf9i+kct/RfXP2rpv4T+UUv/JfWPWvovpX/U0n9p/aOW/svoH7X0f4X+UUv/V+oftfRfVv+opf9yU9H/zpn/Nwf2n6ml//LWf9TSfwX9o5b+r9I/aum/ov5RS/9X6x+19H+N/lFL/9fqH7X0X0n/qKX/yvpHLf3H6R+19F9F/6il/+v0j1r6r6p/1NJ/Nf2jlv6r6x+19F9D/6il/5r6Ry3919I/aun/ev2jlv5v0D9q6b+2/lFL/zfqH7X0f5P+UUv/N+sftfR/i/5RS/919I9a+q+rf9TSfz39o5b+6+sftfTfQP+opf9b9Y9a+m+of9TSfyP9o5b+G+sftfR/m/5RS/9N9I9a+m+qf9TS/+36Ry39N9M/aum/uf5RS/8t9I9a+m+pf9TS/x36Ry39t9I/aum/tf5RS/9t9I9a+m+rf9TSfzv9o5b+2+sftfQfr3/U0n8H/aOW/u/UP2rpv6P+UUv/nfSPWvrvrH/U0n8X/aOW/rvqH7X0f5f+UUv/3fSPWvrvrn/U0n8P/aOW/u/WP2rpv6f+UUv/vfSPWvrvrX/U0n8f/aOW/vvqH7X030//qKX//vpHLf3fo3/U0v+9+kct/Q/QP2rpf6D+UUv/g/SPWvq/T/+opf/79Y9a+n9A/6il/wf1j1r6H6x/1NL/Q/pHLf0P0T9q6X+o/lFL/8P0j1r6H65/1NL/w/pHLf0/on/U0v+j+kct/T+mf9TS/wj9o5b+R+oftfT/uP5RS/+j9I9a+n9C/6il/9H6Ry39P6l/1NL/U/pHLf2P0T9q6X+s/lFL/0/rH7X0P07/qKX/Z/SPWvp/Vv+opf/n9I9a+n9e/6il//H6Ry39T9A/aul/ov5RS/+T9I9a+p+sf9TS/xT9o5b+p+oftfQ/Tf+opf/p+kct/b+gf9TS/wz9o5b+X9Q/aun/Jf2jlv5f1j9q6f8V/aOW/l/VP2rpf6b+UUv/r+kftfT/uv5RS/+z9I9a+p+tf9TS/xz9o5b+39A/aun/Tf2jlv7f0j9q6X+u/lFL//P0j1r6n69/1NL/2/pHLf0v0D9q6X+h/lFL/4v0j1r6X6x/1NL/O/pHLf2/q3/U0v97+kct/S/RP2rpf6n+UUv/7+sftfS/TP+opf8P9I9a+v9Q/6il/+X6Ry39r9A/aun/I/2jlv5X6h+19L9K/6il/4/1j1r6X61/1NL/Gv2jlv7X6h+19L9O/6il//X6Ry39b9A/aun/E/2jlv436h+19P+p/lFL/5/pH7X0/7n+UUv/m/SPWvr/Qv+opf8v9Y9a+v9K/6il/836Ry39f61/1NL/N/pHLf1v0T9q6f9b/aOW/r/TP2rpf6v+UUv/3+sftfT/g/5RS/8/6h+19P+T/lFL/9v0j1r6/1n/qKX/X/SPWvrfrn/U0v+v+kct/e/QP2rp/zf9o5b+d+oftfT/u/5RS/+79I9a+t+tf9TS/x79o5b+9+oftfS/T/+opf/9+kct/R/QP2rp/6D+UUv/h/SPWvo/rH/U0v8R/aOW/o/qH7X0f0z/qKT/9AP9o5b+w/SPWvoP1z9q6T9C/6il/0j9o5b+o/SPWvqP1j9q6T+d/lFL/+n1j1r6j9E/auk/g/5RS//n6B+19J9R/6il/0z6Ry39Z9Y/aun/XP2jlv6z6B+19J9V/6il/2z6Ry39n6d/1NJ/dv2jlv7P1z9q6f8C/aOW/i/UP2rpP4f+UUv/F+kftfSfU/+opf+L9Y9a+r9E/6il/1z6Ry3959Y/aun/Uv2jlv5j9Y9a+s+jf9TSf179o5b+8+kftfSfX/+opf8C+kct/RfUP2rpv5D+UUv/hfWPWvovon/U0v9l+kct/V+uf9TSf1H9o5b+i+kftfRfXP+opf8S+kct/ZfUP2rpv5T+UUv/pfWPWvovo3/U0v8Vsf9//Vf7/62l/yut/6il/7L6Ry39l9M/aum/vP5RS/8V9I9a+r9K/6il/4r6Ry39X61/1NL/NfpHLf1fq3/U0n8l/aOW/ivrH7X0H6d/1NJ/Ff2jlv6v0z9q6b+q/lFL/9X0j1r6r65/1NJ/Df2jlv5r6h+19F9L/6il/+v1j1r6v0H/qKX/2vpHLf3fqH/U0v9N+kct/d+sf9TS/y36Ry3919E/aum/rv5RS//19I9a+q+vf9TSfwP9o5b+b9U/aum/of5RS/+N9I9a+m+sf9TS/236Ry39N9E/aum/qf5RS/+36x+19N9M/6il/+b6Ry39t9A/aum/pf5RS/936B+19N9K/6il/9b6Ry39t9E/aum/rf5RS//t9I9a+m+vf9TSf7z+UUv/HfSPWvq/U/+opf+O+kct/XfSP2rpv7P+UUv/XfSPWvrvqn/U0v9d+kct/XfTP2rpv7v+UUv/PfSPWvq/W/+opf+e+kct/ffSP2rpv7f+UUv/ffSPWvrvq3/U0n8//aOW/vvrH7X0f4/+UUv/9+oftfQ/QP+opf+B+kct/Q/SP2rp/z79o5b+79c/aun/Af2jlv4f1D9q6X+w/lFL/w/pH7X0P0T/qKX/ofpHLf0P0z9q6X+4/lFL/w/rH7X0/4j+UUv/j+oftfT/mP5RS/8j9I9a+h+pf9TS/+P6Ry39j9I/aun/Cf2jlv5H6x+19P+k/lFL/0/pH7X0P0b/qKX/sfpHLf0/rX/U0v84/aOW/p/RP2rp/1n9o5b+n9M/aun/ef2jlv7H6x+19D9B/6il/4n6Ry39T9I/aul/sv5RS/9T9I9a+p+qf9TS/zT9o5b+p+sftfT/gv5RS/8z9I9a+n9R/6il/5f0j1r6f1n/qKX/V/SPWvp/Vf+opf+Z+kct/b+mf9TS/+v6Ry39z9I/aul/tv5RS/9z9I9a+n9D/6il/zf1j1r6f0v/qKX/ufpHLf3P0z9q6X++/lFL/2/rH7X0v0D/qKX/hfpHLf0v0j9q6X+x/lFL/+/oH7X0/67+UUv/7+kftfS/RP+opf+l+kct/b+vf9TS/zL9o5b+P9A/aun/Q/2jlv6X6x+19L9C/6il/4/0j1r6X6l/1NL/Kv2jlv4/1j9q6X+1/lFL/2v0j1r6X6t/1NL/Ov2jlv7X6x+19L9B/6il/0/0j1r636h/1NL/p/pHLf1/pn/U0v/n+kct/W/SP2rp/wv9o5b+v9Q/aun/K/2jlv436x+19P+1/lFL/9/oH7X0v0X/qKX/b/WPWvr/Tv+opf+t+kct/X+vf9TS/w/6Ry39/6h/1NL/T/pHLf1v0z9q6f9n/aOW/n/RP2rpf7v+UUv/v+oftfS/Q/+opf/f9I9a+t+pf9TS/+/6Ry3979I/aul/t/5RS/979I9a+t+rf9TS/z79o5b+9+sftfR/QP+opf+D+kct/R/SP2rp/7D+UUv/R/SPWvo/qn/U0v8x/aOS/mMG+kct/YfpH7X0H65/1NJ/hP5RS/+R+kct/UfpH7X0H61/1NJ/Ov2jlv7T6x+19B+jf9TSfwb9o5b+z9E/auk/o/5RS/+Z9I9a+s+sf9TS/7n6Ry39Z9E/auk/q/5RS//Z9I9a+j9P/6il/+z6Ry39n69/1NL/BfpHLf1fqH/U0n8O/aOW/i/SP2rpP6f+UUv/F+sftfR/if5RS/+59I9a+s+tf9TS/6X6Ry39x+oftfSfR/+opf+8+kct/efTP2rpP7/+UUv/BfSPWvovqH/U0n8h/aOW/gvrH7X0X0T/qKX/y/SPWvq/XP+opf+i+kct/RfTP2rpv7j+UUv/JfSPnnX9AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgpgAAAP//j6IATg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_RESVSP(r2, 0x40305828, 0x0) lseek(r0, 0x0, 0x3) 2.392248403s ago: executing program 2: timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f0000000000)={0x77359400}, 0x0) 2.297622657s ago: executing program 4: rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000440)) 2.251486695s ago: executing program 1: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f0000000380)=ANY=[@ANYBLOB='b *:\n'], 0x8) close(r2) openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x100582, 0x0) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x77359400}, {0x0, 0x3938700}}, 0x0) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) 2.229612145s ago: executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x2000c7fd, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) 2.161503655s ago: executing program 4: munlock(&(0x7f0000003000/0x3000)=nil, 0x3000) 2.105305799s ago: executing program 3: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0), 0x8, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x5450, 0x0) 2.023313039s ago: executing program 4: lsetxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x54, 0x0) 1.912860376s ago: executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$unix(0x1, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000400000000000900020073797a3200000000140007800800064000006a000800084000005fdc0500050002000000050001000600000011000300686173683a6970"], 0x60}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000280)={0x0, 0x4b, &(0x7f0000000240)={&(0x7f0000000200)={0x24, 0x3, 0x6, 0x101, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x2) r5 = socket$unix(0x1, 0x1, 0x0) bind$unix(r5, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) listen(r5, 0x0) r6 = socket$inet_smc(0x2b, 0x1, 0x0) socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000280)=@broute={'broute\x00', 0x20, 0x2, 0x238, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200005c0], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000d966000000000000000000000000000000000000000000000000000018e0000000000000feffffff01000000110000000000000081006263736630000002000800000000000073697430000002000000ffff00000000626f6e643000000000000000000000007600000000010000005c121d00000000ffffffffffff0000000000000000000000000000000000000000d0000000d000000000010000766c616e000000ff030000002000000000000000000000000000000000000000080000000000007f0000000000000100766c616e000000000000000000000000000000000000000000000000000000000800000000000000000000000000000041554449540000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff01000000030000000000000000006970365f76746930000000000000000073797a6b616c6c6572300000000000006263736630000000000000000000000076657468305f746f5f7465616d000000aaaaaaaaaacc030000000000aaaaaaaaaaaa00000000000000007000000070000000a8000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa0000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000"]}, 0x2b0) 1.879094558s ago: executing program 4: syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = fsopen(&(0x7f0000000380)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = dup(r5) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r7}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r9}, 0x0, &(0x7f0000000040)}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xbe17, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x5}, 0x48) syz_open_procfs(0x0, &(0x7f00000000c0)='syscall\x00') socket$nl_route(0x10, 0x3, 0x0) r10 = socket(0x1, 0x803, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) 708.394195ms ago: executing program 3: r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$kcm(0x2, 0xa, 0x2) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, &(0x7f0000000280), 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000001c0)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000080)=[@register_looper], 0x0, 0x100000000000000, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000580)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 536.736881ms ago: executing program 4: futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) rt_sigreturn() mlockall(0x3) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_pktinfo(r0, 0x0, 0x8, 0x0, 0x0) 379.212397ms ago: executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'ipvlan0\x00', 0x2}) preadv2(r1, 0x0, 0x0, 0x0, 0x0, 0x0) close(r1) rt_sigreturn() futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) r2 = creat(&(0x7f0000000540)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x8020003) utime(&(0x7f0000000180)='./file0\x00', 0x0) 281.423647ms ago: executing program 4: r0 = gettid() r1 = signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, 0x0) readv(r1, 0x0, 0x0) close(r1) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) semctl$GETNCNT(0xffffffffffffffff, 0x0, 0x3, 0x0) 158.869763ms ago: executing program 3: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(0x0, 0x0) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000380)=ANY=[], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB]) chdir(0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) recvmmsg(r1, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) shutdown(r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) 145.552006ms ago: executing program 2: r0 = socket$phonet_pipe(0x23, 0x5, 0x2) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@mcast1, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@private}, 0x0, @in=@dev, 0x0, 0x0, 0x0, 0x7}}, 0xe8) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0xfffffffffffffffe) write$binfmt_script(r0, 0x0, 0x12c) ioctl$SIOCPNENABLEPIPE(r0, 0x89ed, 0x0) write$FUSE_LK(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x2000c7fd, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) kernel console output (not intermixed with test programs): : Enslaving as an active interface with an up link [ 427.015265][T11166] team0: Port device team_slave_0 added [ 427.065063][T11166] team0: Port device team_slave_1 added [ 427.231158][ T5110] Bluetooth: hci2: command 0x0406 tx timeout [ 427.254762][T11166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 427.281527][T11166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 427.396071][T11166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 427.468757][T11166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 427.475847][T11166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 427.514213][T11166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 427.992298][T11166] hsr_slave_0: entered promiscuous mode [ 428.044674][T11166] hsr_slave_1: entered promiscuous mode [ 428.084239][T11166] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 428.104263][T11166] Cannot create hsr debugfs directory [ 428.445867][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.677438][ T5119] Bluetooth: hci4: command tx timeout [ 428.906063][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.294223][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.533681][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 429.784544][T11277] chnl_net:caif_netlink_parms(): no params data found [ 430.658989][T11277] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.666376][T11277] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.687718][T11277] bridge_slave_0: entered allmulticast mode [ 430.707394][T11277] bridge_slave_0: entered promiscuous mode [ 430.908858][T11277] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.916191][T11277] bridge0: port 2(bridge_slave_1) entered disabled state [ 430.948459][T11277] bridge_slave_1: entered allmulticast mode [ 430.955917][T11277] bridge_slave_1: entered promiscuous mode [ 430.968765][ T12] bridge_slave_1: left allmulticast mode [ 430.974465][ T12] bridge_slave_1: left promiscuous mode [ 431.005560][T11359] loop3: detected capacity change from 0 to 65536 [ 431.013331][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.039366][ T12] bridge_slave_0: left allmulticast mode [ 431.045062][ T12] bridge_slave_0: left promiscuous mode [ 431.068051][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.123386][T11359] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 431.259237][T11359] XFS (loop3): Ending clean mount [ 431.345577][T11359] XFS (loop3): Quotacheck needed: Please wait. [ 431.465033][T11359] XFS (loop3): Quotacheck: Done. [ 431.589347][ T9070] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 432.323572][T11396] loop3: detected capacity change from 0 to 136 [ 432.868631][T11405] random: crng reseeded on system resumption [ 433.520101][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 433.627759][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 433.676715][ T12] bond0 (unregistering): Released all slaves [ 434.440093][T11277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 434.483677][T11277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 434.791259][T11412] loop0: detected capacity change from 0 to 32768 [ 434.848224][T11277] team0: Port device team_slave_0 added [ 434.885959][T11412] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 434.907058][T11277] team0: Port device team_slave_1 added [ 434.990244][ T12] hsr_slave_0: left promiscuous mode [ 435.027518][ T12] hsr_slave_1: left promiscuous mode [ 435.066578][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 435.089018][T11412] XFS (loop0): Ending clean mount [ 435.104642][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 435.123987][T11412] XFS (loop0): Quotacheck needed: Please wait. [ 435.139621][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 435.157339][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.197029][T11412] XFS (loop0): Quotacheck: Done. [ 435.239063][ T29] audit: type=1800 audit(1718398356.886:165): pid=11412 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="loop0" ino=6150 res=0 errno=0 [ 435.286648][ T12] veth1_macvtap: left promiscuous mode [ 435.307508][ T12] veth0_macvtap: left promiscuous mode [ 435.313231][ T12] veth1_vlan: left promiscuous mode [ 435.335015][ T12] veth0_vlan: left promiscuous mode [ 435.452079][ T9335] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 436.814223][T11423] loop3: detected capacity change from 0 to 65536 [ 436.926281][T11423] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 437.039897][T11423] XFS (loop3): Ending clean mount [ 437.072921][T11423] XFS (loop3): Quotacheck needed: Please wait. [ 437.201032][T11423] XFS (loop3): Quotacheck: Done. [ 437.257992][ T29] audit: type=1804 audit(1718398358.926:166): pid=11423 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir234820478/syzkaller.GTh9tN/75/file1/file1" dev="loop3" ino=38 res=1 errno=0 [ 437.328562][ T9070] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 437.727491][ T12] team0 (unregistering): Port device team_slave_1 removed [ 437.945272][ T12] team0 (unregistering): Port device team_slave_0 removed [ 439.264142][T11457] loop3: detected capacity change from 0 to 136 [ 439.949784][T11461] random: crng reseeded on system resumption [ 440.514749][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.535449][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.145475][T11277] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 441.181664][T11277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.237852][T11277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 441.259643][T11277] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 441.266891][T11277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 441.303870][T11277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 441.455327][T11166] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 441.565253][T11166] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 441.628461][T11277] hsr_slave_0: entered promiscuous mode [ 441.673881][T11277] hsr_slave_1: entered promiscuous mode [ 441.707350][T11277] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 441.735554][T11277] Cannot create hsr debugfs directory [ 441.747277][T11166] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 441.779372][T11166] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 442.880703][T11166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 442.973902][T11166] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.049848][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.057365][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 443.132297][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.139662][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 443.341500][T11465] loop0: detected capacity change from 0 to 65536 [ 443.356571][T11166] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 443.382757][T11166] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 443.418838][T11465] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 443.550609][T11465] XFS (loop0): Ending clean mount [ 443.585705][T11277] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 443.586495][T11465] XFS (loop0): Quotacheck needed: Please wait. [ 443.631921][T11277] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 443.698230][T11277] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 443.730513][T11277] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 443.751612][T11465] XFS (loop0): Quotacheck: Done. [ 443.803593][ T29] audit: type=1804 audit(1718398365.466:167): pid=11465 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir3494656378/syzkaller.gr1HKm/81/file1/file1" dev="loop0" ino=38 res=1 errno=0 [ 443.923270][ T9335] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 444.119075][T11166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 444.175298][T11277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 444.323053][T11277] 8021q: adding VLAN 0 to HW filter on device team0 [ 444.369294][T11166] veth0_vlan: entered promiscuous mode [ 444.392729][ T5107] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.400248][ T5107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.469448][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.476795][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.508039][T11166] veth1_vlan: entered promiscuous mode [ 444.713880][T11166] veth0_macvtap: entered promiscuous mode [ 444.746592][T11166] veth1_macvtap: entered promiscuous mode [ 444.800114][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.831828][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.862766][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.926020][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 444.967838][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 444.997282][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 445.022251][T11166] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 445.059700][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 445.092197][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 445.127588][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 445.147967][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 445.174525][T11166] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 445.195943][T11166] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 445.242205][T11166] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 445.270772][T11166] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.308642][T11166] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.327284][T11166] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.336263][T11166] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.496905][T11277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.672635][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.747213][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.840836][T11277] veth0_vlan: entered promiscuous mode [ 445.885542][T11277] veth1_vlan: entered promiscuous mode [ 445.973686][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.017999][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.094534][T11277] veth0_macvtap: entered promiscuous mode [ 446.146520][T11277] veth1_macvtap: entered promiscuous mode [ 446.251149][T11277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.302508][T11277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.334940][T11277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.375345][T11277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.395899][T11277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.427229][T11277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.457337][T11277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 446.488361][T11277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.529391][T11277] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 446.562921][T11277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 446.614493][T11277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.655506][T11277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 446.707221][T11277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.747475][T11277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 446.787227][T11277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.844163][T11277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 446.897921][T11277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 446.948611][T11277] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 447.001766][T11277] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.041418][T11277] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.077268][T11277] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.113861][T11277] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 447.609052][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 447.646121][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.779139][ T1108] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 447.826700][ T1108] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.429329][ T5110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 448.445130][ T5110] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 448.456759][ T5110] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 448.467824][ T5110] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 448.490188][ T5110] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 448.504361][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 449.419689][T11563] loop1: detected capacity change from 0 to 32768 [ 449.647600][T11563] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 449.674733][ T2863] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.937465][T11563] XFS (loop1): Ending clean mount [ 449.986551][T11563] XFS (loop1): Quotacheck needed: Please wait. [ 450.205550][T11563] XFS (loop1): Quotacheck: Done. [ 450.225012][ T2863] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.267432][T11166] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 450.583662][T11600] loop2: detected capacity change from 0 to 32768 [ 450.685158][ T2863] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.740353][T11600] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 450.813093][T11618] loop1: detected capacity change from 0 to 128 [ 450.829167][T11618] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 450.836446][ T5110] Bluetooth: hci0: command tx timeout [ 450.864077][T11618] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 450.880285][ T2863] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.984863][T11600] XFS (loop2): Ending clean mount [ 451.016080][T11600] XFS (loop2): Quotacheck needed: Please wait. [ 451.144804][T11600] XFS (loop2): Quotacheck: Done. [ 451.231452][T11581] chnl_net:caif_netlink_parms(): no params data found [ 451.317363][ T2863] bridge_slave_1: left allmulticast mode [ 451.323077][ T2863] bridge_slave_1: left promiscuous mode [ 451.351396][ T2863] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.399160][ T2863] bridge_slave_0: left allmulticast mode [ 451.420797][ T2863] bridge_slave_0: left promiscuous mode [ 451.426669][ T2863] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.560020][T11628] loop3: detected capacity change from 0 to 64 [ 451.966140][T11277] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 452.678401][T11632] loop3: detected capacity change from 0 to 32768 [ 452.689171][T11630] loop1: detected capacity change from 0 to 32768 [ 452.718220][T11632] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (11632) [ 452.792281][T11630] gfs2: fsid=statfs_quantum: Trying to join cluster "lock_nolock", "statfs_quantum" [ 452.808120][T11630] gfs2: fsid=statfs_quantum: Now mounting FS (format 1801)... [ 452.815820][T11632] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 452.852415][T11637] loop0: detected capacity change from 0 to 136 [ 452.877705][T11632] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 452.893280][T11632] BTRFS info (device loop3): using free-space-tree [ 452.907289][ T5110] Bluetooth: hci0: command tx timeout [ 453.072793][T11630] gfs2: fsid=statfs_quantum.s: journal 0 mapped with 16 extents in 0ms [ 453.098122][T11632] BTRFS info (device loop3): rebuilding free space tree [ 453.191377][ T29] audit: type=1800 audit(1718398374.856:168): pid=11632 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 453.297029][ T29] audit: type=1804 audit(1718398374.956:169): pid=11632 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir234820478/syzkaller.GTh9tN/93/file0/file1" dev="loop3" ino=260 res=1 errno=0 [ 453.415271][ T2863] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 453.439544][ T9070] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 453.459570][T11630] gfs2: fsid=statfs_quantum.s: first mount done, others may mount [ 453.462574][ T2863] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 453.482262][ T2863] bond0 (unregistering): Released all slaves [ 453.656176][T11656] random: crng reseeded on system resumption [ 453.802981][T11634] warning: `syz-executor.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 454.441200][T11581] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.478429][T11581] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.510315][T11581] bridge_slave_0: entered allmulticast mode [ 454.548482][T11581] bridge_slave_0: entered promiscuous mode [ 454.881852][T11581] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.904433][T11581] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.946064][T11581] bridge_slave_1: entered allmulticast mode [ 454.964177][T11581] bridge_slave_1: entered promiscuous mode [ 454.987368][ T5110] Bluetooth: hci0: command tx timeout [ 455.161736][T11581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 455.215968][T11581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 455.347366][ T2863] hsr_slave_0: left promiscuous mode [ 455.394508][T11660] loop3: detected capacity change from 0 to 32768 [ 455.408638][ T2863] hsr_slave_1: left promiscuous mode [ 455.416891][T11660] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (11660) [ 455.487818][ T2863] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 455.521651][ T2863] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 455.531204][T11660] BTRFS info (device loop3): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 455.569208][ T2863] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 455.583464][T11660] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 455.619837][ T2863] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 455.628410][T11660] BTRFS info (device loop3): using free-space-tree [ 455.786405][ T2863] veth1_macvtap: left promiscuous mode [ 455.823092][ T2863] veth0_macvtap: left promiscuous mode [ 455.856043][ T2863] veth1_vlan: left promiscuous mode [ 455.884283][ T2863] veth0_vlan: left promiscuous mode [ 456.109151][T11699] loop1: detected capacity change from 0 to 64 [ 456.157039][ T9070] BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 457.073476][ T5110] Bluetooth: hci0: command tx timeout [ 457.183287][T11697] loop0: detected capacity change from 0 to 32768 [ 457.332256][T11697] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 458.561535][T11726] loop1: detected capacity change from 0 to 136 [ 458.623747][T11697] XFS (loop0): Ending clean mount [ 458.653696][T11697] XFS (loop0): Quotacheck needed: Please wait. [ 458.956407][T11733] binder: 11728:11733 ioctl 4018620d 0 returned -22 [ 459.028018][T11733] loop2: detected capacity change from 0 to 1024 [ 459.065762][T11733] hfsplus: invalid attributes max_key_len 768 [ 459.076346][T11733] hfsplus: failed to load attributes file [ 459.180074][T11697] XFS (loop0): Quotacheck: Done. [ 459.626950][ T9335] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 460.150754][T11739] random: crng reseeded on system resumption [ 460.442122][T11744] loop0: detected capacity change from 0 to 64 [ 460.472202][T11735] loop3: detected capacity change from 0 to 32768 [ 460.506815][T11735] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (11735) [ 460.559760][T11735] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 460.577541][T11735] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 460.607732][T11735] BTRFS info (device loop3): using free-space-tree [ 460.895926][T11737] loop2: detected capacity change from 0 to 32768 [ 460.910532][ T29] audit: type=1800 audit(1718398382.576:170): pid=11735 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 460.984629][ T2863] team0 (unregistering): Port device team_slave_1 removed [ 460.996312][T11737] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (11737) [ 461.102728][ T9070] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 461.119862][T11737] BTRFS info (device loop2): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 461.163112][T11737] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 461.186472][T11737] BTRFS info (device loop2): using free-space-tree [ 461.364998][ T2863] team0 (unregistering): Port device team_slave_0 removed [ 461.842925][T11277] BTRFS info (device loop2): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 462.371164][T11788] loop0: detected capacity change from 0 to 2048 [ 462.536582][T11788] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 463.229608][ T29] audit: type=1800 audit(1718398384.886:171): pid=11794 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="sda1" ino=1950 res=0 errno=0 [ 463.533910][T11783] loop3: detected capacity change from 0 to 65536 [ 463.597307][ T5107] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 463.608821][T11783] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 463.777299][ T5107] usb 1-1: Using ep0 maxpacket: 8 [ 463.807665][T11783] XFS (loop3): Ending clean mount [ 463.855688][ T29] audit: type=1800 audit(1718398385.496:172): pid=11783 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=38 res=0 errno=0 [ 463.878442][ T5107] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 463.885605][ T29] audit: type=1800 audit(1718398385.526:173): pid=11783 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=38 res=0 errno=0 [ 463.899387][ T5107] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 463.937501][ T9070] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 463.946622][ T5107] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 463.997507][ T5107] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 464.009178][T11798] loop2: detected capacity change from 0 to 32768 [ 464.037568][ T5107] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 464.088153][ T5107] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 464.128846][T11798] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 464.133602][ T5107] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.380538][T11798] XFS (loop2): Ending clean mount [ 464.402091][ T5107] usb 1-1: GET_CAPABILITIES returned 0 [ 464.423222][T11798] XFS (loop2): Quotacheck needed: Please wait. [ 464.430004][ T5107] usbtmc 1-1:16.0: can't read capabilities [ 464.474801][T11798] XFS (loop2): Quotacheck: Done. [ 464.536961][T11581] team0: Port device team_slave_0 added [ 464.552966][T11581] team0: Port device team_slave_1 added [ 464.606246][ T45] usb 1-1: USB disconnect, device number 13 [ 464.679416][T11581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 464.723004][T11581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.805134][T11581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 464.837329][T11581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 464.844336][T11581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.872086][T11581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 465.182211][T11581] hsr_slave_0: entered promiscuous mode [ 465.241577][T11277] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 465.261586][T11581] hsr_slave_1: entered promiscuous mode [ 465.279789][T11823] loop1: detected capacity change from 0 to 40427 [ 465.289739][T11823] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 465.297779][T11823] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 465.384406][T11823] F2FS-fs (loop1): Found nat_bits in checkpoint [ 465.481349][T11823] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 465.488979][T11823] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 465.512047][T11823] syz-executor.1: attempt to access beyond end of device [ 465.512047][T11823] loop1: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 467.230224][T11581] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 467.275855][T11581] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 467.362515][T11851] sg_write: data in/out 624/1 bytes for SCSI command 0xcb-- guessing data in; [ 467.362515][T11851] program syz-executor.0 not setting count and/or reply_len properly [ 467.489283][T11851] loop0: detected capacity change from 0 to 2048 [ 467.501864][T11851] nilfs2: Unknown parameter './file0' [ 467.802185][T11581] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 467.962367][T11581] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 468.198445][T11581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 468.230742][T11581] 8021q: adding VLAN 0 to HW filter on device team0 [ 468.280324][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.287729][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 468.352673][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.360003][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 468.610999][T11847] loop1: detected capacity change from 0 to 32768 [ 468.657398][T11847] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (11847) [ 468.730968][T11847] BTRFS info (device loop1): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 468.758381][T11847] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 468.783029][T11847] BTRFS info (device loop1): using free-space-tree [ 468.889424][T11843] loop3: detected capacity change from 0 to 65536 [ 468.925437][T11581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 468.980603][T11843] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 469.090742][T11843] XFS (loop3): Ending clean mount [ 469.136701][ T29] audit: type=1800 audit(1718398390.796:174): pid=11843 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=38 res=0 errno=0 [ 469.203951][ T29] audit: type=1800 audit(1718398390.866:175): pid=11843 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=38 res=0 errno=0 [ 469.442602][ T9070] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 469.484010][T11166] BTRFS info (device loop1): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 469.571968][T11890] loop2: detected capacity change from 0 to 40427 [ 469.581343][T11890] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 469.589378][T11890] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 469.644278][T11890] F2FS-fs (loop2): Found nat_bits in checkpoint [ 469.736484][T11890] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 469.743999][T11890] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 469.809908][T11890] syz-executor.2: attempt to access beyond end of device [ 469.809908][T11890] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 470.055035][T11581] veth0_vlan: entered promiscuous mode [ 470.071576][T11892] loop0: detected capacity change from 0 to 32768 [ 470.104766][T11581] veth1_vlan: entered promiscuous mode [ 470.118333][T11892] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (11892) [ 470.225583][T11581] veth0_macvtap: entered promiscuous mode [ 470.263943][T11581] veth1_macvtap: entered promiscuous mode [ 470.337296][T11892] BTRFS info (device loop0): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 470.359399][T11902] netlink: 'syz-executor.1': attribute type 7 has an invalid length. [ 470.367270][T11892] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 470.401312][T11892] BTRFS info (device loop0): using free-space-tree [ 470.470448][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.482034][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.506897][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.519717][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.529982][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.569408][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.580610][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.592315][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.616333][T11581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 470.646878][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.669143][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.698063][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.729186][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.765038][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.778491][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.789006][T11581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 470.800080][T11581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.811988][T11581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 470.823682][T11581] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.833464][T11581] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.842282][T11581] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.851445][T11581] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 470.919391][ T29] audit: type=1800 audit(1718398392.586:176): pid=11892 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 471.148464][ T2863] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.192900][ T2863] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.333644][T11927] loop1: detected capacity change from 0 to 128 [ 471.364019][T11927] befs: (loop1): cannot parse mount options [ 471.373731][ T2936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 471.417398][ T2936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 471.546247][ T9335] BTRFS info (device loop0): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 472.710714][T11950] loop2: detected capacity change from 0 to 1024 [ 472.838152][T11939] loop3: detected capacity change from 0 to 32768 [ 472.887640][T11939] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (11939) [ 472.972968][T11939] BTRFS info (device loop3): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 472.993630][T11954] netlink: 'syz-executor.4': attribute type 7 has an invalid length. [ 473.019606][T11939] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 473.037327][T11939] BTRFS info (device loop3): using free-space-tree [ 473.131628][T11936] loop1: detected capacity change from 0 to 32768 [ 473.238206][T11936] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (11936) [ 473.315801][T11936] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 473.358892][T11936] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 473.396071][T11936] BTRFS info (device loop1): using free-space-tree [ 473.525523][ T9070] BTRFS info (device loop3): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 473.802530][T11936] BTRFS info (device loop1): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 473.972312][T11166] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 474.192393][ T12] hfsplus: b-tree write err: -5, ino 8 [ 474.473739][T11992] loop4: detected capacity change from 0 to 32768 [ 474.518488][T11992] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (11992) [ 474.627334][T11992] BTRFS info (device loop4): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 474.677443][T11992] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 474.721310][T11992] BTRFS info (device loop4): using free-space-tree [ 474.835131][T12008] loop1: detected capacity change from 0 to 128 [ 474.852231][T12008] befs: (loop1): cannot parse mount options [ 475.082353][ T29] audit: type=1800 audit(1718398396.726:177): pid=11992 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 476.058898][T11581] BTRFS info (device loop4): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 476.338468][T12044] loop0: detected capacity change from 0 to 64 [ 476.528111][T12044] overlayfs: missing 'lowerdir' [ 477.035480][T12049] loop0: detected capacity change from 0 to 40427 [ 477.075216][T12006] loop3: detected capacity change from 0 to 32768 [ 477.129785][T12049] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 477.137685][T12049] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 477.209971][T12006] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 477.221697][T12049] F2FS-fs (loop0): Found nat_bits in checkpoint [ 477.227410][T12006] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 477.265501][T12049] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 477.272825][T12049] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 477.402277][T12055] syz-executor.0: attempt to access beyond end of device [ 477.402277][T12055] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 477.836219][T12006] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 477.871324][T12042] loop1: detected capacity change from 0 to 32768 [ 477.886203][ T5107] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 477.897050][T12042] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (12042) [ 477.914250][ T5107] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 477.955888][T12042] BTRFS info (device loop1): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 477.997492][T12042] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 478.032131][T12042] BTRFS info (device loop1): using free-space-tree [ 478.042425][ T5107] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 128ms [ 478.074050][ T5107] gfs2: fsid=syz:syz.0: jid=0: Done [ 478.096315][T12006] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 478.143577][T12006] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 478.596845][T11166] BTRFS info (device loop1): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 478.601081][T12079] loop2: detected capacity change from 0 to 128 [ 478.736804][T12079] befs: (loop2): cannot parse mount options [ 480.583069][T12102] loop0: detected capacity change from 0 to 64 [ 480.716111][T12102] overlayfs: missing 'lowerdir' [ 481.641189][T12113] loop3: detected capacity change from 0 to 32768 [ 481.880911][T12104] loop1: detected capacity change from 0 to 32768 [ 481.890805][T12104] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (12104) [ 481.963082][T12104] BTRFS info (device loop1): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 481.970009][T12113] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 481.993867][T12104] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 482.058430][T12113] bcachefs (loop3): recovering from clean shutdown, journal seq 8 [ 482.075408][T12104] BTRFS info (device loop1): using free-space-tree [ 482.143391][T12113] bcachefs (loop3): alloc_read... done [ 482.161438][T12113] bcachefs (loop3): stripes_read... done [ 482.186410][T12113] bcachefs (loop3): snapshots_read... done [ 482.220317][T12113] bcachefs (loop3): journal_replay... done [ 482.250933][T12113] bcachefs (loop3): resume_logged_ops... done [ 482.291019][T12113] bcachefs (loop3): going read-write [ 482.343895][ T29] audit: type=1800 audit(1718398403.966:178): pid=12104 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 482.434624][T12113] bcachefs (loop3): done starting filesystem [ 482.662883][T11166] BTRFS info (device loop1): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 483.269826][ T9070] bcachefs (loop3): shutting down [ 483.275352][ T9070] bcachefs (loop3): going read-only [ 483.283374][ T9070] bcachefs (loop3): finished waiting for writes to stop [ 483.308117][ T9070] bcachefs (loop3): flushing journal and stopping allocators, journal seq 10 [ 483.368013][ T9070] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 12 [ 483.388371][ T9070] bcachefs (loop3): shutdown complete, journal seq 13 [ 483.396200][ T9070] bcachefs (loop3): marking filesystem clean [ 483.431492][T12127] loop2: detected capacity change from 0 to 32768 [ 483.561330][T12127] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12127) [ 483.585042][ T9070] bcachefs (loop3): shutdown complete [ 483.624282][T12127] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 483.661214][T12127] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 483.684495][T12127] BTRFS info (device loop2): using free-space-tree [ 483.885404][ T29] audit: type=1800 audit(1718398405.546:179): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 484.038297][ T29] audit: type=1800 audit(1718398405.586:180): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 484.079280][T12129] loop4: detected capacity change from 0 to 32768 [ 484.173280][T11277] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 484.190919][T12129] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 484.208943][T12129] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 484.424911][T12178] loop1: detected capacity change from 0 to 64 [ 484.484461][T12129] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 484.528075][T12178] overlayfs: missing 'lowerdir' [ 484.571114][ T5188] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 484.579059][ T5188] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 484.682034][ T5188] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 102ms [ 484.712451][ T5188] gfs2: fsid=syz:syz.0: jid=0: Done [ 484.744984][T12129] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 485.802493][T12183] loop0: detected capacity change from 0 to 128 [ 486.003865][T12183] befs: (loop0): cannot parse mount options [ 486.798994][T12197] loop3: detected capacity change from 0 to 32768 [ 486.843885][T12197] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (12197) [ 486.917391][T12199] loop2: detected capacity change from 0 to 32768 [ 486.929644][T12199] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12199) [ 486.970118][T12197] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 486.997737][T12197] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 487.014135][T12197] BTRFS info (device loop3): using free-space-tree [ 487.067637][T12199] BTRFS info (device loop2): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 487.156445][T12199] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 487.168629][T12199] BTRFS info (device loop2): using free-space-tree [ 487.354749][T12197] BTRFS info (device loop3): rebuilding free space tree [ 487.456877][ T29] audit: type=1800 audit(1718398409.116:181): pid=12199 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 487.546041][ T29] audit: type=1800 audit(1718398409.186:182): pid=12197 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 487.634499][ T29] audit: type=1804 audit(1718398409.296:183): pid=12238 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir234820478/syzkaller.GTh9tN/117/file0/file1" dev="loop3" ino=260 res=1 errno=0 [ 487.807950][ T9070] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 487.927324][T11277] BTRFS info (device loop2): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 488.864207][T12254] loop3: detected capacity change from 0 to 2048 [ 488.877467][T12242] loop4: detected capacity change from 0 to 4096 [ 488.908841][T12240] loop0: detected capacity change from 0 to 32768 [ 488.939478][T12240] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (12240) [ 488.957209][T12254] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 488.984697][T12242] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 488.994804][T12240] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 489.012612][T12240] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 489.030524][T12240] BTRFS info (device loop0): using free-space-tree [ 489.636562][ T29] audit: type=1800 audit(1718398411.276:184): pid=12240 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 489.706799][T12275] loop2: detected capacity change from 0 to 64 [ 489.741699][ T29] audit: type=1800 audit(1718398411.336:185): pid=12240 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 489.920912][T12275] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore [ 489.970444][T12275] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 489.976481][ T9335] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 490.455151][T12287] loop1: detected capacity change from 0 to 128 [ 490.589147][T12287] befs: (loop1): cannot parse mount options [ 491.559841][T12283] loop3: detected capacity change from 0 to 32768 [ 491.586547][T12283] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 491.634725][T12283] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 491.676381][T12291] loop2: detected capacity change from 0 to 32768 [ 491.702634][T12291] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12291) [ 491.705830][T12283] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 491.741925][T12291] BTRFS info (device loop2): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 491.766092][T12291] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 491.804202][T12291] BTRFS info (device loop2): using free-space-tree [ 491.835905][ T8] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 491.851721][ T8] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 492.047029][ T29] audit: type=1800 audit(1718398413.706:186): pid=12291 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 492.273502][ T8] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 421ms [ 492.337863][ T8] gfs2: fsid=syz:syz.0: jid=0: Done [ 492.363614][T12283] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 492.662686][T11277] BTRFS info (device loop2): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 493.074929][T12333] loop0: detected capacity change from 0 to 64 [ 493.185452][T12333] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore [ 493.228881][T12333] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 493.423492][T12327] loop4: detected capacity change from 0 to 32768 [ 493.479332][T12327] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (12327) [ 493.582367][T12327] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 493.628483][T12327] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 493.664198][T12327] BTRFS info (device loop4): using free-space-tree [ 493.872356][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 494.161613][ T29] audit: type=1800 audit(1718398415.776:187): pid=12327 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 494.195671][ T29] audit: type=1800 audit(1718398415.796:188): pid=12327 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 494.252824][T11581] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 494.304185][T12361] loop2: detected capacity change from 0 to 4096 [ 494.361890][T12361] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 495.211853][T12339] loop0: detected capacity change from 0 to 32768 [ 495.396023][T12339] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 495.458569][T12339] bcachefs (loop0): recovering from clean shutdown, journal seq 8 [ 495.728581][T12339] bcachefs (loop0): alloc_read... done [ 495.752080][T12339] bcachefs (loop0): stripes_read... done [ 495.777418][T12339] bcachefs (loop0): snapshots_read... done [ 495.811397][T12339] bcachefs (loop0): journal_replay... done [ 495.831204][T12339] bcachefs (loop0): resume_logged_ops... done [ 495.873955][T12339] bcachefs (loop0): going read-write [ 496.086552][T12339] bcachefs (loop0): done starting filesystem [ 496.620356][T12396] loop3: detected capacity change from 0 to 64 [ 496.633615][T12373] loop4: detected capacity change from 0 to 32768 [ 496.670737][T12373] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (12373) [ 496.783124][T12373] BTRFS info (device loop4): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 496.796946][T12396] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore [ 496.810783][T12396] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 496.876487][T12373] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 496.964962][T12373] BTRFS info (device loop4): using free-space-tree [ 497.299909][ T9335] bcachefs (loop0): shutting down [ 497.305008][ T9335] bcachefs (loop0): going read-only [ 497.317506][ T9335] bcachefs (loop0): finished waiting for writes to stop [ 497.345657][ T9335] bcachefs (loop0): flushing journal and stopping allocators, journal seq 10 [ 497.412602][ T9335] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 11 [ 497.451537][ T9335] bcachefs (loop0): shutdown complete, journal seq 12 [ 497.611508][ T9335] bcachefs (loop0): marking filesystem clean [ 498.531467][T12426] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.3'. [ 498.564863][T12426] xfrm0 speed is unknown, defaulting to 1000 [ 498.574268][T12426] xfrm0 speed is unknown, defaulting to 1000 [ 498.588097][T12426] xfrm0 speed is unknown, defaulting to 1000 [ 498.601687][ T9335] bcachefs (loop0): shutdown complete [ 498.706759][T12426] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 498.757924][T11581] BTRFS info (device loop4): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 498.893624][T12426] xfrm0 speed is unknown, defaulting to 1000 [ 498.934179][T12426] xfrm0 speed is unknown, defaulting to 1000 [ 499.064610][T12426] xfrm0 speed is unknown, defaulting to 1000 [ 499.109155][T12426] xfrm0 speed is unknown, defaulting to 1000 [ 499.209746][T12426] xfrm0 speed is unknown, defaulting to 1000 [ 499.670464][T12428] loop2: detected capacity change from 0 to 32768 [ 499.958342][T12428] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 500.833935][T12428] XFS (loop2): Ending clean mount [ 500.919814][T12428] XFS (loop2): Quotacheck needed: Please wait. [ 500.984922][T12458] loop4: detected capacity change from 0 to 1024 [ 501.083800][T12428] XFS (loop2): Quotacheck: Done. [ 501.156254][ T29] audit: type=1804 audit(1718398422.806:189): pid=12428 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2874949016/syzkaller.EMCnnH/32/file0/file1" dev="loop2" ino=6150 res=1 errno=0 [ 501.240496][ T29] audit: type=1804 audit(1718398422.816:190): pid=12428 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2874949016/syzkaller.EMCnnH/32/file0/file1" dev="loop2" ino=6150 res=1 errno=0 [ 501.341866][T11277] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 501.371616][ T29] audit: type=1804 audit(1718398422.826:191): pid=12428 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2874949016/syzkaller.EMCnnH/32/file0/file1" dev="loop2" ino=6150 res=1 errno=0 [ 501.713750][T12440] loop0: detected capacity change from 0 to 32768 [ 501.746205][T12440] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (12440) [ 501.799341][T12433] loop1: detected capacity change from 0 to 65536 [ 501.847366][T12440] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 501.863525][T12440] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 501.875462][T12440] BTRFS info (device loop0): using free-space-tree [ 501.919677][T12433] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/loop1": -EINTR [ 501.952652][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.972035][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.417906][ T29] audit: type=1800 audit(1718398424.076:192): pid=12440 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 502.461330][ T29] audit: type=1800 audit(1718398424.106:193): pid=12440 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 502.720076][ T9335] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 502.855155][ T2863] hfsplus: b-tree write err: -5, ino 8 [ 502.914875][T12490] loop2: detected capacity change from 0 to 4096 [ 503.052450][T12490] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 505.871556][T12490] ntfs3: loop2: Failed to read $UpCase (-4). [ 508.096456][T12530] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 508.239722][T12532] sg_write: data in/out 624/1 bytes for SCSI command 0xcb-- guessing data in; [ 508.239722][T12532] program syz-executor.1 not setting count and/or reply_len properly [ 508.364583][T12532] loop1: detected capacity change from 0 to 2048 [ 508.377934][T12532] nilfs2: Unknown parameter './file0' [ 512.494949][T12559] loop1: detected capacity change from 0 to 4096 [ 512.584884][T12562] fuse: Bad value for 'fd' [ 512.598996][ T29] audit: type=1326 audit(1718398434.266:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12546 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f62e9a7cea9 code=0x0 [ 513.233899][T12548] loop2: detected capacity change from 0 to 32768 [ 513.393215][T12548] BTRFS: device fsid c6b85f58-0c7e-41ca-a553-c8d9f94f6663 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12548) [ 513.590259][T12548] BTRFS info (device loop2): first mount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 513.602480][T12548] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 513.672564][T12548] BTRFS info (device loop2): using free-space-tree [ 513.959902][T12559] overlayfs: upper fs does not support tmpfile. [ 513.976391][T12559] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 513.987314][ T29] audit: type=1800 audit(1718398435.646:195): pid=12548 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 514.141144][T11166] ntfs3: loop1: failed to convert "0000" to cp950 [ 514.187341][T11166] ntfs3: loop1: failed to convert name for inode 1e. [ 514.221465][ T29] audit: type=1800 audit(1718398435.886:196): pid=12595 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=1957 res=0 errno=0 [ 514.300664][ T29] audit: type=1804 audit(1718398435.916:197): pid=12595 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3494656378/syzkaller.gr1HKm/130/file0" dev="sda1" ino=1957 res=1 errno=0 [ 514.372824][ T29] audit: type=1804 audit(1718398435.926:198): pid=12595 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3494656378/syzkaller.gr1HKm/130/file0" dev="sda1" ino=1957 res=1 errno=0 [ 514.494647][T11277] BTRFS info (device loop2): last unmount of filesystem c6b85f58-0c7e-41ca-a553-c8d9f94f6663 [ 515.683271][T12605] loop4: detected capacity change from 0 to 128 [ 515.742939][T12605] befs: (loop4): cannot parse mount options [ 515.876368][ T164] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.330013][ T164] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 516.395743][T12608] loop2: detected capacity change from 0 to 4096 [ 516.501082][T12608] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 517.139647][ T164] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.558342][ T5110] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 517.587772][ T5110] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 517.608342][ T164] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 517.619820][ T5110] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 517.667520][ T5110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 517.717680][ T5110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 517.745652][ T5110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 517.990531][T12623] xfrm0 speed is unknown, defaulting to 1000 [ 518.330105][ T164] bridge_slave_1: left allmulticast mode [ 518.338657][ T164] bridge_slave_1: left promiscuous mode [ 518.366875][ T164] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.404032][ T164] bridge_slave_0: left allmulticast mode [ 518.510705][ T164] bridge_slave_0: left promiscuous mode [ 518.527919][ T164] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.291701][T12636] loop3: detected capacity change from 0 to 512 [ 519.339468][T12636] ext3: Bad value for 'journal_dev' [ 519.382262][ T29] audit: type=1800 audit(1718398441.046:199): pid=12642 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=1961 res=0 errno=0 [ 519.437362][ T5098] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 519.447881][T12636] loop3: detected capacity change from 0 to 64 [ 519.492909][ T29] audit: type=1804 audit(1718398441.126:200): pid=12642 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2874949016/syzkaller.EMCnnH/37/file0" dev="sda1" ino=1961 res=1 errno=0 [ 519.583186][ T29] audit: type=1804 audit(1718398441.156:201): pid=12642 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2874949016/syzkaller.EMCnnH/37/file0" dev="sda1" ino=1961 res=1 errno=0 [ 519.789280][ T5119] Bluetooth: hci1: command tx timeout [ 520.367085][T12636] syz-executor.3: attempt to access beyond end of device [ 520.367085][T12636] loop3: rw=34817, sector=168, nr_sectors = 538 limit=64 [ 520.675710][ T51] kworker/u8:3: attempt to access beyond end of device [ 520.675710][ T51] loop3: rw=1, sector=65, nr_sectors = 1 limit=64 [ 520.707294][ T51] Buffer I/O error on dev loop3, logical block 65, lost async page write [ 520.727351][ T51] kworker/u8:3: attempt to access beyond end of device [ 520.727351][ T51] loop3: rw=1, sector=66, nr_sectors = 1 limit=64 [ 520.765762][ T51] Buffer I/O error on dev loop3, logical block 66, lost async page write [ 520.795267][ T51] kworker/u8:3: attempt to access beyond end of device [ 520.795267][ T51] loop3: rw=1, sector=67, nr_sectors = 1 limit=64 [ 520.823633][ T51] Buffer I/O error on dev loop3, logical block 67, lost async page write [ 520.845313][ T51] kworker/u8:3: attempt to access beyond end of device [ 520.845313][ T51] loop3: rw=1, sector=68, nr_sectors = 1 limit=64 [ 520.870433][ T51] Buffer I/O error on dev loop3, logical block 68, lost async page write [ 520.887285][ T51] kworker/u8:3: attempt to access beyond end of device [ 520.887285][ T51] loop3: rw=1, sector=72, nr_sectors = 1 limit=64 [ 520.914422][ T51] Buffer I/O error on dev loop3, logical block 72, lost async page write [ 520.934639][ T51] kworker/u8:3: attempt to access beyond end of device [ 520.934639][ T51] loop3: rw=1, sector=73, nr_sectors = 1 limit=64 [ 520.960792][ T51] Buffer I/O error on dev loop3, logical block 73, lost async page write [ 520.979833][ T51] kworker/u8:3: attempt to access beyond end of device [ 520.979833][ T51] loop3: rw=1, sector=76, nr_sectors = 1 limit=64 [ 521.007255][ T51] Buffer I/O error on dev loop3, logical block 76, lost async page write [ 521.040630][ T51] kworker/u8:3: attempt to access beyond end of device [ 521.040630][ T51] loop3: rw=1, sector=77, nr_sectors = 1 limit=64 [ 521.066706][ T51] Buffer I/O error on dev loop3, logical block 77, lost async page write [ 521.099289][ T51] kworker/u8:3: attempt to access beyond end of device [ 521.099289][ T51] loop3: rw=1, sector=78, nr_sectors = 89 limit=64 [ 521.400729][ T164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 521.445359][ T164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 521.481470][ T164] bond0 (unregistering): Released all slaves [ 521.868810][ T5119] Bluetooth: hci1: command tx timeout [ 522.331027][T12663] fuse: Bad value for 'fd' [ 522.374050][ T29] audit: type=1326 audit(1718398444.016:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12654 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5a4a7cea9 code=0x0 [ 522.524112][T12666] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 523.598190][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 523.842294][ T164] hsr_slave_0: left promiscuous mode [ 523.873420][ T164] hsr_slave_1: left promiscuous mode [ 523.893727][ T164] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 523.919996][ T164] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 523.943079][T12679] loop0: detected capacity change from 0 to 4096 [ 523.949804][ T5119] Bluetooth: hci1: command tx timeout [ 523.998158][ T164] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 524.014021][T12679] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 524.017379][ T164] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.098575][ T164] veth1_macvtap: left promiscuous mode [ 524.121020][ T164] veth0_macvtap: left promiscuous mode [ 524.143648][ T164] veth1_vlan: left promiscuous mode [ 524.165027][ T164] veth0_vlan: left promiscuous mode [ 524.866082][T12683] loop2: detected capacity change from 0 to 32768 [ 524.917759][T12683] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12683) [ 524.972762][T12683] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 525.003708][T12683] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 525.034240][T12683] BTRFS info (device loop2): using free-space-tree [ 525.352811][T12683] BTRFS info (device loop2): rebuilding free space tree [ 525.514854][T11277] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 526.036387][ T5119] Bluetooth: hci1: command tx timeout [ 526.388001][T12691] loop4: detected capacity change from 0 to 32768 [ 526.432743][T12691] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (12691) [ 526.631490][T12691] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 526.695969][T12691] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 526.718145][T12691] BTRFS info (device loop4): using free-space-tree [ 527.045193][T12715] kvm: kvm [12713]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 527.089390][T12715] kvm: kvm [12713]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 527.131234][T12715] kvm: kvm [12713]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 527.218599][T12715] kvm: kvm [12713]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 527.236864][T12715] kvm: kvm [12713]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 527.257750][T12715] kvm: kvm [12713]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 528.454550][ T1108] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 528.481875][T11581] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 528.530398][ T164] team0 (unregistering): Port device team_slave_1 removed [ 528.805027][ T164] team0 (unregistering): Port device team_slave_0 removed [ 529.105349][T12732] loop3: detected capacity change from 0 to 65536 [ 529.218652][T12732] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 529.289285][T12732] XFS (loop3): Ending clean mount [ 529.305429][T12732] XFS (loop3): Quotacheck needed: Please wait. [ 529.482090][T12732] XFS (loop3): Quotacheck: Done. [ 529.544568][ T29] audit: type=1804 audit(1718398451.186:203): pid=12732 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir234820478/syzkaller.GTh9tN/137/file1/file1" dev="loop3" ino=38 res=1 errno=0 [ 529.584689][ T29] audit: type=1804 audit(1718398451.236:204): pid=12732 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir234820478/syzkaller.GTh9tN/137/file1/file1" dev="loop3" ino=38 res=1 errno=0 [ 529.694388][ T9070] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 530.559711][T12765] netlink: 140 bytes leftover after parsing attributes in process `syz-executor.3'. [ 530.726954][T12748] netlink: 'syz-executor.0': attribute type 7 has an invalid length. [ 530.735633][T12748] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 530.868495][T12623] chnl_net:caif_netlink_parms(): no params data found [ 531.433980][T12781] fuse: Bad value for 'fd' [ 531.533196][ T29] audit: type=1326 audit(1718398453.106:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12766 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5a4a7cea9 code=0x0 [ 531.777265][T12623] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.812257][T12623] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.857425][T12623] bridge_slave_0: entered allmulticast mode [ 531.864794][T12623] bridge_slave_0: entered promiscuous mode [ 531.967681][T12623] bridge0: port 2(bridge_slave_1) entered blocking state [ 531.994357][T12623] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.006861][T12623] bridge_slave_1: entered allmulticast mode [ 532.031189][T12623] bridge_slave_1: entered promiscuous mode [ 532.143453][T12623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 532.185245][T12623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 532.225441][T12787] kvm: kvm [12786]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 532.247695][T12787] kvm: kvm [12786]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 532.276159][T12787] kvm: kvm [12786]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 532.334854][T12787] kvm: kvm [12786]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 532.345702][T12623] team0: Port device team_slave_0 added [ 532.361688][T12787] kvm: kvm [12786]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 532.386681][T12623] team0: Port device team_slave_1 added [ 532.388503][T12787] kvm: kvm [12786]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 532.493429][T12623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 532.517217][T12623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.595423][T12623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 532.627473][T12623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 532.634734][T12623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 532.703654][T12623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 532.708055][T12785] loop2: detected capacity change from 0 to 32768 [ 532.789633][T12785] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12785) [ 532.895841][T12785] BTRFS info (device loop2): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 532.933339][T12623] hsr_slave_0: entered promiscuous mode [ 532.939362][T12785] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 532.959531][T12623] hsr_slave_1: entered promiscuous mode [ 532.992275][T12623] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 533.007290][T12785] BTRFS info (device loop2): using free-space-tree [ 533.014936][T12794] loop3: detected capacity change from 0 to 128 [ 533.031385][T12623] Cannot create hsr debugfs directory [ 533.108026][T12794] befs: (loop3): cannot parse mount options [ 533.301088][ T5472] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 533.672115][T12791] loop4: detected capacity change from 0 to 40427 [ 533.714420][T12791] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 533.754534][T12791] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 533.803855][T12791] F2FS-fs (loop4): invalid crc value [ 533.864430][T12791] F2FS-fs (loop4): Found nat_bits in checkpoint [ 534.027667][T12791] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 534.062658][T12791] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 535.139108][T12623] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 535.164764][T12623] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 535.210388][T12623] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 535.257493][T12623] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 535.389925][T10231] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 535.430820][T10231] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 535.629865][T12623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 535.754846][T12623] 8021q: adding VLAN 0 to HW filter on device team0 [ 535.804074][T11277] BTRFS info (device loop2): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 535.899967][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.907225][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 535.978337][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.985556][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 536.745840][T12838] netlink: 'syz-executor.4': attribute type 7 has an invalid length. [ 536.767489][T12838] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 536.821561][T12623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 537.001767][T12623] veth0_vlan: entered promiscuous mode [ 537.042724][T12623] veth1_vlan: entered promiscuous mode [ 537.094727][T12828] loop0: detected capacity change from 0 to 32768 [ 537.125261][T12828] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (12828) [ 537.140317][T12623] veth0_macvtap: entered promiscuous mode [ 537.170689][T12623] veth1_macvtap: entered promiscuous mode [ 537.216772][T12828] BTRFS info (device loop0): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 537.225545][T12844] kvm: kvm [12841]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 537.240367][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.247291][T12828] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 537.251822][ T5188] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 537.267609][T12844] kvm: kvm [12841]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 537.272851][T12831] loop3: detected capacity change from 0 to 32768 [ 537.276714][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.293020][T12828] BTRFS info (device loop0): using free-space-tree [ 537.295893][T12844] kvm: kvm [12841]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 537.323013][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.333658][T12831] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (12831) [ 537.357985][T12844] kvm: kvm [12841]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 537.370555][T12831] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 537.381070][T12831] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 537.392111][T12831] BTRFS info (device loop3): using free-space-tree [ 537.404323][T12844] kvm: kvm [12841]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 537.413387][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.413413][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.413431][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.413447][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 537.413461][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.416684][T12623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 537.427470][T12844] kvm: kvm [12841]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 537.488396][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 537.507744][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.518559][ T5188] usb 5-1: Using ep0 maxpacket: 8 [ 537.524962][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 537.538109][ T5188] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 537.545745][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 537.558897][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.569398][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 537.586017][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 537.597356][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 537.609356][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.625158][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 537.639037][ T5188] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 537.647382][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 537.658971][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 537.669903][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 537.682692][T12623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 537.697996][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 537.719313][T12623] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 537.738267][ T5188] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 537.756402][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 537.757200][T12623] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 537.782904][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 537.799759][T12623] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 537.822796][T12623] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 537.825406][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 537.865016][ T29] audit: type=1800 audit(1718398459.526:206): pid=12831 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 537.922059][ T5188] usb 5-1: string descriptor 0 read error: -22 [ 537.929491][ T5188] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 537.956178][ T5188] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.964936][ T29] audit: type=1800 audit(1718398459.576:207): pid=12831 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 538.017109][ T9335] BTRFS info (device loop0): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 538.041965][ T5188] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 538.105970][T12881] loop2: detected capacity change from 0 to 136 [ 538.118141][ T9070] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 538.188928][ T164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.238352][ T164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.328786][ T2863] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 538.336687][ T2863] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 538.512677][ T785] usb 5-1: USB disconnect, device number 5 [ 539.028729][T12891] random: crng reseeded on system resumption [ 539.371075][T12893] loop3: detected capacity change from 0 to 128 [ 539.407519][T12893] befs: (loop3): cannot parse mount options [ 539.690395][T12883] loop1: detected capacity change from 0 to 32768 [ 539.710008][T12883] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (12883) [ 539.858552][T12883] BTRFS info (device loop1): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 539.886635][T12883] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 539.896801][T12883] BTRFS info (device loop1): using free-space-tree [ 540.257061][T12895] loop4: detected capacity change from 0 to 32768 [ 540.276815][T12895] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (12895) [ 541.137406][T12895] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 541.197315][T12895] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 541.217273][T12895] BTRFS info (device loop4): using free-space-tree [ 541.259998][ T29] audit: type=1804 audit(1718398462.906:208): pid=12883 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1512287329/syzkaller.XrhlMG/0/file0/file1" dev="loop1" ino=260 res=1 errno=0 [ 541.595482][T12895] BTRFS info (device loop4): rebuilding free space tree [ 541.612831][T12623] BTRFS info (device loop1): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 541.769334][ T29] audit: type=1800 audit(1718398463.426:209): pid=12895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 541.875444][ T29] audit: type=1804 audit(1718398463.516:210): pid=12895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2399496472/syzkaller.qfbzKf/42/file0/file1" dev="loop4" ino=260 res=1 errno=0 [ 542.021217][T11581] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 543.342480][T12951] netlink: 'syz-executor.0': attribute type 7 has an invalid length. [ 543.387670][T12951] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 544.109483][ T5188] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 544.242827][T12949] loop1: detected capacity change from 0 to 32768 [ 544.320715][ T5188] usb 5-1: Using ep0 maxpacket: 8 [ 544.365027][T12956] loop3: detected capacity change from 0 to 32768 [ 544.375413][ T5188] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 544.383837][T12956] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (12956) [ 544.407311][T12954] loop0: detected capacity change from 0 to 32768 [ 544.419507][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 544.432637][T12954] BTRFS: device fsid 3a492a15-ac49-4ce6-945e-cef7a687c6c9 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (12954) [ 544.480563][T12954] BTRFS info (device loop0): first mount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 544.495793][T12954] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 544.498249][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 544.506018][T12954] BTRFS info (device loop0): using free-space-tree [ 544.534649][T12956] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 544.584005][T12956] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 544.607253][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 544.636337][T12949] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 544.658468][T12956] BTRFS info (device loop3): using free-space-tree [ 544.690387][ T5188] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 544.694195][T12949] bcachefs (loop1): recovering from clean shutdown, journal seq 8 [ 544.717391][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 544.754291][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 544.755795][T12949] bcachefs (loop1): alloc_read... done [ 544.807805][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 544.829984][T12949] bcachefs (loop1): stripes_read... done [ 544.839553][T12949] bcachefs (loop1): snapshots_read... done [ 544.850733][ T5188] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 544.861376][T12949] bcachefs (loop1): journal_replay... done [ 544.867728][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 544.880233][T12949] bcachefs (loop1): resume_logged_ops... done [ 544.886853][T12949] bcachefs (loop1): going read-write [ 544.894011][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 544.906952][ T5188] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 544.924197][ T5188] usb 5-1: string descriptor 0 read error: -22 [ 544.931153][ T5188] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 544.944637][T12949] bcachefs (loop1): done starting filesystem [ 544.950869][ T29] audit: type=1800 audit(1718398466.606:211): pid=12956 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 544.973844][ T9335] BTRFS info (device loop0): last unmount of filesystem 3a492a15-ac49-4ce6-945e-cef7a687c6c9 [ 544.985366][ T5188] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.999007][ T5119] Bluetooth: hci4: command 0x0406 tx timeout [ 545.038803][ T29] audit: type=1800 audit(1718398466.646:212): pid=12956 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 545.075145][ T5188] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 545.163510][ T9070] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 545.577583][ T5188] usb 5-1: USB disconnect, device number 6 [ 546.015492][T12623] bcachefs (loop1): shutting down [ 546.023509][T12972] loop2: detected capacity change from 0 to 32768 [ 546.061540][T12972] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (12972) [ 546.074854][T12623] bcachefs (loop1): going read-only [ 546.074922][T12623] bcachefs (loop1): finished waiting for writes to stop [ 546.220602][T12623] bcachefs (loop1): flushing journal and stopping allocators, journal seq 11 [ 546.245612][T12972] BTRFS info (device loop2): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 546.380255][T12623] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 13 [ 546.437700][T12972] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 546.525153][T12972] BTRFS info (device loop2): using free-space-tree [ 546.538954][T12623] bcachefs (loop1): shutdown complete, journal seq 14 [ 546.578355][T12623] bcachefs (loop1): marking filesystem clean [ 546.892067][T12623] bcachefs (loop1): shutdown complete [ 547.004394][ T29] audit: type=1804 audit(1718398468.646:213): pid=12972 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2874949016/syzkaller.EMCnnH/55/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 547.247380][T11277] BTRFS info (device loop2): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 548.636657][T13067] loop4: detected capacity change from 0 to 136 [ 548.730806][T13068] fuse: Bad value for 'fd' [ 548.779654][ T29] audit: type=1326 audit(1718398470.406:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13047 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87fe67cea9 code=0x0 [ 549.403008][T13072] loop1: detected capacity change from 0 to 128 [ 549.500042][T13072] befs: (loop1): cannot parse mount options [ 549.512699][T13054] loop2: detected capacity change from 0 to 32768 [ 549.617518][T13054] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (13054) [ 549.750360][T13054] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 549.865709][T13054] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 549.967405][T13054] BTRFS info (device loop2): using free-space-tree [ 549.974864][T13067] random: crng reseeded on system resumption [ 550.542227][ T29] audit: type=1800 audit(1718398472.086:215): pid=13054 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 550.641067][ T29] audit: type=1800 audit(1718398472.306:216): pid=13054 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 550.795603][T11277] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 551.866031][T13097] loop4: detected capacity change from 0 to 32768 [ 551.883842][T13097] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (13097) [ 551.948558][T13097] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 552.000584][T13097] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 552.033974][T13097] BTRFS info (device loop4): using free-space-tree [ 552.298963][T13097] BTRFS info (device loop4): rebuilding free space tree [ 552.497779][ T29] audit: type=1800 audit(1718398474.156:217): pid=13097 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 552.611262][ T29] audit: type=1804 audit(1718398474.226:218): pid=13123 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2399496472/syzkaller.qfbzKf/53/file0/file1" dev="loop4" ino=260 res=1 errno=0 [ 552.757569][T11581] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 552.958245][T13104] loop3: detected capacity change from 0 to 32768 [ 553.058562][T13104] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (13104) [ 553.153976][T13104] BTRFS info (device loop3): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 553.168576][T13104] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 553.181127][T13104] BTRFS info (device loop3): using free-space-tree [ 553.607703][ T5110] Bluetooth: Wrong link type (-22) [ 553.682809][ T29] audit: type=1804 audit(1718398475.346:219): pid=13104 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir234820478/syzkaller.GTh9tN/150/file0/file1" dev="loop3" ino=260 res=1 errno=0 [ 553.826812][T13157] loop0: detected capacity change from 0 to 136 [ 553.873525][ T9070] BTRFS info (device loop3): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 554.497622][T13150] loop1: detected capacity change from 0 to 32768 [ 554.547389][T13150] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (13150) [ 554.638861][T13150] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 554.684685][T13150] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 554.715583][T13120] loop2: detected capacity change from 0 to 65536 [ 554.727337][T13150] BTRFS info (device loop1): using free-space-tree [ 554.833702][T13120] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 554.898951][T13120] XFS (loop2): Ending clean mount [ 554.981633][T13189] random: crng reseeded on system resumption [ 555.117344][ T29] audit: type=1800 audit(1718398476.756:220): pid=13120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=38 res=0 errno=0 [ 555.180383][ T29] audit: type=1800 audit(1718398476.776:221): pid=13120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=38 res=0 errno=0 [ 555.299382][T11277] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 555.364814][T13150] BTRFS info (device loop1): setting incompat feature flag for SIMPLE_QUOTA (0x10000) [ 555.589012][T12623] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 555.972704][T13194] loop4: detected capacity change from 0 to 32768 [ 556.042408][T13194] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (13194) [ 556.157866][T13194] BTRFS info (device loop4): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 556.207453][T13194] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 556.216226][T13194] BTRFS info (device loop4): using free-space-tree [ 556.553255][T13194] BTRFS info (device loop4): rebuilding free space tree [ 556.908797][ T29] audit: type=1800 audit(1718398478.576:222): pid=13194 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 556.984022][ T29] audit: type=1804 audit(1718398478.646:223): pid=13225 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2399496472/syzkaller.qfbzKf/56/file0/file1" dev="loop4" ino=260 res=1 errno=0 [ 557.232642][T11581] BTRFS info (device loop4): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 557.287873][T13226] loop2: detected capacity change from 0 to 4096 [ 557.434950][T13226] ntfs3: loop2: $Secure::$SDH is corrupted. [ 557.475774][T13226] ntfs3: loop2: Failed to initialize $Secure (-22). [ 558.220829][T13251] loop2: detected capacity change from 0 to 136 [ 558.499486][T13230] loop1: detected capacity change from 0 to 32768 [ 558.529120][T13230] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (13230) [ 558.610645][T13230] BTRFS info (device loop1): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 558.648227][T13230] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 558.678740][T13230] BTRFS info (device loop1): using free-space-tree [ 558.937274][ T29] audit: type=1804 audit(1718398480.596:224): pid=13230 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1512287329/syzkaller.XrhlMG/11/file0/file1" dev="loop1" ino=260 res=1 errno=0 [ 559.016643][T13281] random: crng reseeded on system resumption [ 559.595029][T12623] BTRFS info (device loop1): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 560.273141][T13289] loop4: detected capacity change from 0 to 4096 [ 560.542207][T13289] ntfs3: loop4: $Secure::$SDH is corrupted. [ 560.681582][T13289] ntfs3: loop4: Failed to initialize $Secure (-22). [ 562.523001][T13319] loop4: detected capacity change from 0 to 128 [ 562.560635][T13319] befs: (loop4): cannot parse mount options [ 562.592244][T13321] loop2: detected capacity change from 0 to 136 [ 563.392159][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.399994][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.709683][T13340] random: crng reseeded on system resumption [ 566.211285][ T29] audit: type=1800 audit(1718398487.876:225): pid=13361 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1965 res=0 errno=0 [ 566.251204][ T29] audit: type=1804 audit(1718398487.916:226): pid=13361 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1512287329/syzkaller.XrhlMG/20/file0" dev="sda1" ino=1965 res=1 errno=0 [ 566.426722][ T29] audit: type=1804 audit(1718398488.036:227): pid=13363 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1512287329/syzkaller.XrhlMG/20/file0" dev="sda1" ino=1965 res=1 errno=0 [ 567.022237][T13371] loop2: detected capacity change from 0 to 2048 [ 567.062757][T13371] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 567.276691][T13377] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 567.305094][T13377] pim6reg0: linktype set to 0 [ 568.177736][T13397] fuse: Bad value for 'fd' [ 568.236622][ T29] audit: type=1326 audit(1718398489.846:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13385 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5a4a7cea9 code=0x0 [ 569.240808][T13384] loop3: detected capacity change from 0 to 32768 [ 569.267609][T13384] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (13384) [ 569.370075][T13384] BTRFS info (device loop3): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 569.432570][T13384] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 569.468320][T13384] BTRFS info (device loop3): using free-space-tree [ 569.629529][T13389] loop0: detected capacity change from 0 to 32768 [ 570.052193][T13389] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 570.148689][T13389] bcachefs (loop0): recovering from clean shutdown, journal seq 8 [ 570.151995][ T9070] BTRFS info (device loop3): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 570.355052][T13389] bcachefs (loop0): alloc_read... done [ 570.372033][T13389] bcachefs (loop0): stripes_read... done [ 570.386247][T13389] bcachefs (loop0): snapshots_read... done [ 570.420673][T13389] bcachefs (loop0): journal_replay... done [ 570.426603][T13389] bcachefs (loop0): resume_logged_ops... done [ 570.482988][T13389] bcachefs (loop0): going read-write [ 570.577296][T13389] bcachefs (loop0): done starting filesystem [ 570.588012][ T5110] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 570.708714][ T9335] bcachefs (loop0): shutting down [ 570.714182][ T9335] bcachefs (loop0): going read-only [ 570.749339][T13448] netlink: 'syz-executor.4': attribute type 9 has an invalid length. [ 570.751220][ T9335] bcachefs (loop0): finished waiting for writes to stop [ 570.783815][T13448] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.4'. [ 570.790934][T13405] loop2: detected capacity change from 0 to 32768 [ 570.826563][ T9335] bcachefs (loop0): flushing journal and stopping allocators, journal seq 8 [ 570.857484][ T9335] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 8 [ 570.897045][ T9335] bcachefs (loop0): shutdown complete, journal seq 9 [ 570.920500][T13405] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 570.940385][ T9335] bcachefs (loop0): marking filesystem clean [ 571.163797][T13405] XFS (loop2): Ending clean mount [ 571.258674][T13466] netlink: 'syz-executor.3': attribute type 9 has an invalid length. [ 571.281007][T13405] XFS (loop2): Quotacheck needed: Please wait. [ 571.300538][T13466] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.3'. [ 571.321290][ T9335] bcachefs (loop0): shutdown complete [ 571.902515][T13405] XFS (loop2): Quotacheck: Done. [ 571.919983][ T29] audit: type=1800 audit(1718398493.576:229): pid=13405 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=6150 res=0 errno=0 [ 572.118918][T11277] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 572.184368][T13469] netlink: 'syz-executor.3': attribute type 9 has an invalid length. [ 572.219228][T13469] netlink: 209836 bytes leftover after parsing attributes in process `syz-executor.3'. [ 572.264405][T13442] loop1: detected capacity change from 0 to 40427 [ 572.280619][T13442] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 572.304909][T13442] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 572.453634][T13442] F2FS-fs (loop1): invalid crc value [ 572.484000][T13442] F2FS-fs (loop1): Found nat_bits in checkpoint [ 572.703090][T13442] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 572.725161][T13442] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 573.145649][T13489] fuse: Bad value for 'fd' [ 573.154912][ T29] audit: type=1326 audit(1718398494.816:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13471 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff5a4a7cea9 code=0x0 [ 573.936640][T13495] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 574.352337][T13491] loop2: detected capacity change from 0 to 32768 [ 574.612467][T10231] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 574.622230][T13485] loop3: detected capacity change from 0 to 32768 [ 574.650205][T10231] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 575.322877][T13485] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 575.414824][T13491] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,noshard_inode_numbers,noinodes_use_key_cache,gc_reserve_bytes=512 GiB,nojournal_transaction_names [ 575.465445][T13491] bcachefs (loop2): recovering from clean shutdown, journal seq 8 [ 575.581744][T13491] bcachefs (loop2): alloc_read... done [ 575.607903][T13491] bcachefs (loop2): stripes_read... done [ 575.635624][T13485] XFS (loop3): Ending clean mount [ 575.654867][T13485] XFS (loop3): Quotacheck needed: Please wait. [ 575.682837][T13491] bcachefs (loop2): snapshots_read... done [ 575.709926][T13491] bcachefs (loop2): journal_replay... done [ 575.710115][ T5119] Bluetooth: hci0: command 0x0406 tx timeout [ 575.776760][T13491] bcachefs (loop2): resume_logged_ops... done [ 575.784036][T13491] bcachefs (loop2): going read-write [ 575.805801][T13485] XFS (loop3): Quotacheck: Done. [ 575.828782][T13491] bcachefs (loop2): done starting filesystem [ 576.161946][T13522] loop0: detected capacity change from 0 to 32768 [ 576.252451][T13522] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (13522) [ 576.258028][ T9070] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 576.385340][T13522] BTRFS info (device loop0): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 576.417466][T13522] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 576.426751][T13522] BTRFS info (device loop0): using free-space-tree [ 576.758338][T11277] bcachefs (loop2): shutting down [ 576.767473][T11277] bcachefs (loop2): going read-only [ 576.817264][T11277] bcachefs (loop2): finished waiting for writes to stop [ 576.880169][T11277] bcachefs (loop2): flushing journal and stopping allocators, journal seq 11 [ 576.914608][T11277] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 13 [ 576.949038][ T29] audit: type=1804 audit(1718398498.616:231): pid=13522 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3494656378/syzkaller.gr1HKm/167/file0/file1" dev="loop0" ino=260 res=1 errno=0 [ 576.995902][T11277] bcachefs (loop2): shutdown complete, journal seq 14 [ 577.014279][T11277] bcachefs (loop2): marking filesystem clean [ 577.109967][ T9335] BTRFS info (device loop0): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 577.114099][T11277] bcachefs (loop2): shutdown complete [ 577.500246][T13539] loop4: detected capacity change from 0 to 32768 [ 577.607106][T13539] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 577.644255][T13539] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 578.006552][T13539] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 3ms [ 578.285144][ T5158] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 578.419623][ T5158] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 578.863284][ T5158] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 443ms [ 578.906885][ T5158] gfs2: fsid=syz:syz.0: jid=0: Done [ 578.971683][T13586] sg_write: data in/out 624/1 bytes for SCSI command 0xcb-- guessing data in; [ 578.971683][T13586] program syz-executor.3 not setting count and/or reply_len properly [ 579.095530][T13586] loop3: detected capacity change from 0 to 2048 [ 579.108979][T13586] nilfs2: Unknown parameter './file0' [ 579.656131][T13539] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 579.671320][T13539] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 581.084511][T13584] loop1: detected capacity change from 0 to 32768 [ 581.213349][T13584] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 581.421159][T13584] XFS (loop1): Ending clean mount [ 581.744012][T12623] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 581.777015][T13597] loop2: detected capacity change from 0 to 32768 [ 581.814405][T13597] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (13597) [ 581.917331][T13597] BTRFS info (device loop2): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 581.923994][T13622] netlink: 576 bytes leftover after parsing attributes in process `syz-executor.0'. [ 581.968022][T13597] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 582.049176][T13597] BTRFS info (device loop2): using free-space-tree [ 582.417266][ T29] audit: type=1804 audit(1718398504.076:232): pid=13597 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2874949016/syzkaller.EMCnnH/74/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 582.579512][T11277] BTRFS info (device loop2): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 584.587358][ T29] audit: type=1326 audit(1718398506.236:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13665 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9b13c7cea9 code=0x0 [ 584.717470][T13653] loop1: detected capacity change from 0 to 40427 [ 584.834993][T13653] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 584.874884][T13653] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 584.937022][T13641] loop3: detected capacity change from 0 to 32768 [ 584.945541][T13653] F2FS-fs (loop1): invalid crc value [ 584.995175][T13653] F2FS-fs (loop1): Found nat_bits in checkpoint [ 585.024553][T13641] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 585.095168][T13641] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 585.211365][T13662] loop0: detected capacity change from 0 to 32768 [ 585.245537][T13641] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 585.345754][T13662] XFS (loop0): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 585.363591][ T785] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 585.393422][ T785] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 585.407477][T13653] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 585.427591][T13653] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 585.547021][T13662] XFS (loop0): Ending clean mount [ 585.593237][ T785] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 199ms [ 585.625004][ T785] gfs2: fsid=syz:syz.0: jid=0: Done [ 585.634751][T13641] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 585.854997][T13641] gfs2: fsid=syz:syz.0: can't create logd thread: -4 [ 586.360399][ T9335] XFS (loop0): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 586.737723][T13692] loop4: detected capacity change from 0 to 32768 [ 586.767441][T13692] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (13692) [ 586.832652][T13692] BTRFS info (device loop4): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 586.844461][T13692] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 586.861195][T13692] BTRFS info (device loop4): using free-space-tree [ 586.971974][T10231] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 587.018815][T10231] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 587.114585][ T29] audit: type=1804 audit(1718398508.776:234): pid=13692 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2399496472/syzkaller.qfbzKf/86/file0/file1" dev="loop4" ino=260 res=1 errno=0 [ 587.140413][ C1] vkms_vblank_simulate: vblank timer overrun [ 587.246365][T11581] BTRFS info (device loop4): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 589.708431][T13746] sg_write: data in/out 624/1 bytes for SCSI command 0xcb-- guessing data in; [ 589.708431][T13746] program syz-executor.0 not setting count and/or reply_len properly [ 589.834039][T13746] loop0: detected capacity change from 0 to 2048 [ 589.845601][T13746] nilfs2: Unknown parameter './file0' [ 590.723045][T13730] loop4: detected capacity change from 0 to 32768 [ 590.796678][T13754] loop2: detected capacity change from 0 to 2048 [ 590.882227][T13730] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 591.059885][T13754] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 591.106641][T13730] XFS (loop4): Ending clean mount [ 591.204949][T13730] XFS (loop4): Quotacheck needed: Please wait. [ 591.333702][T13730] XFS (loop4): Quotacheck: Done. [ 591.443182][T11581] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 592.272108][T13757] loop0: detected capacity change from 0 to 32768 [ 592.321047][T13757] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (13757) [ 592.469194][T13757] BTRFS info (device loop0): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 592.517856][T13757] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 592.549025][T13757] BTRFS info (device loop0): using free-space-tree [ 592.899700][ T29] audit: type=1804 audit(1718398514.566:235): pid=13757 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3494656378/syzkaller.gr1HKm/183/file0/file1" dev="loop0" ino=260 res=1 errno=0 [ 592.924954][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.080688][ T9335] BTRFS info (device loop0): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 593.361246][T13771] loop2: detected capacity change from 0 to 32768 [ 593.450019][T13771] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (13771) [ 593.658041][T13771] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 593.721721][T13771] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 593.791723][T13771] BTRFS info (device loop2): using free-space-tree [ 594.099739][T13771] BTRFS info (device loop2): rebuilding free space tree [ 594.335843][ T29] audit: type=1800 audit(1718398515.996:236): pid=13771 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 594.605585][T11277] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 596.302890][T13845] loop2: detected capacity change from 0 to 32768 [ 596.333354][T13842] loop0: detected capacity change from 0 to 40427 [ 596.359120][T13845] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (13845) [ 596.385549][T13842] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 596.425022][T13842] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 596.477766][T13845] BTRFS info (device loop2): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 596.523167][T13845] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 596.555084][T13845] BTRFS info (device loop2): using free-space-tree [ 596.721519][T13842] F2FS-fs (loop0): Found nat_bits in checkpoint [ 596.942633][ T29] audit: type=1804 audit(1718398518.606:237): pid=13845 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2874949016/syzkaller.EMCnnH/84/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 597.008411][T13842] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 597.043118][T13842] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 597.132911][T11277] BTRFS info (device loop2): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 597.194275][T13882] syz-executor.0: attempt to access beyond end of device [ 597.194275][T13882] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 598.030118][T13892] syzkaller0: entered promiscuous mode [ 598.054121][T13892] syzkaller0: entered allmulticast mode [ 600.324140][T13911] loop0: detected capacity change from 0 to 32768 [ 600.372064][T13911] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (13911) [ 600.430813][T13911] BTRFS info (device loop0): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 600.462530][T13911] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 600.514561][T13911] BTRFS info (device loop0): using free-space-tree [ 600.802292][ T29] audit: type=1804 audit(1718398522.446:238): pid=13911 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3494656378/syzkaller.gr1HKm/187/file0/file1" dev="loop0" ino=260 res=1 errno=0 [ 601.120327][ T9335] BTRFS info (device loop0): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 601.316391][T13926] loop4: detected capacity change from 0 to 32768 [ 601.629743][T13926] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names [ 601.632512][T13921] loop2: detected capacity change from 0 to 40427 [ 601.664390][T13926] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 601.685894][T13921] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 601.697512][T13921] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 601.788556][T13926] bcachefs (loop4): alloc_read... done [ 601.794140][T13926] bcachefs (loop4): stripes_read... done [ 601.814737][T13926] bcachefs (loop4): snapshots_read... done [ 601.834901][T13921] F2FS-fs (loop2): Found nat_bits in checkpoint [ 601.842609][T13926] bcachefs (loop4): journal_replay... done [ 601.864391][T13926] bcachefs (loop4): resume_logged_ops... done [ 601.878866][T13926] bcachefs (loop4): going read-write [ 601.901338][T13926] bcachefs (loop4): done starting filesystem [ 601.949834][T13921] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 601.969809][T13921] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 602.186710][T13969] syz-executor.2: attempt to access beyond end of device [ 602.186710][T13969] loop2: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 603.194649][T13926] bcachefs (loop4): going read-only [ 603.202009][T13926] bcachefs (loop4): finished waiting for writes to stop [ 603.214044][T13926] bcachefs (loop4): flushing journal and stopping allocators, journal seq 12 [ 603.275477][T13926] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 13 [ 603.300713][T13926] bcachefs (loop4): shutdown complete, journal seq 14 [ 603.311378][T13926] bcachefs (loop4): marking filesystem clean [ 603.523119][T11581] bcachefs (loop4): shutting down [ 603.614783][T13977] loop0: detected capacity change from 0 to 128 [ 603.638454][T11581] bcachefs (loop4): shutdown complete [ 603.641907][T13977] befs: (loop0): cannot parse mount options [ 605.162102][T13982] loop4: detected capacity change from 0 to 32768 [ 605.435413][T13982] bcachefs (loop4): mounting version 1.7: mi_btree_bitmap opts=ro,metadata_checksum=crc64,data_checksum=xxhash,compression=lz4,str_hash=crc32c,nojournal_transaction_names,read_only [ 605.484552][T13982] bcachefs (loop4): recovering from clean shutdown, journal seq 7 [ 605.548356][T13982] bcachefs (loop4): alloc_read... done [ 605.553961][T13982] bcachefs (loop4): stripes_read... done [ 605.560964][T13982] bcachefs (loop4): snapshots_read... done [ 605.589188][T13982] bcachefs (loop4): journal_replay... done [ 605.595118][T13982] bcachefs (loop4): resume_logged_ops... done [ 605.613411][T13982] bcachefs (loop4): done starting filesystem [ 605.692117][T13982] bcachefs (loop4): going read-write [ 605.960997][T13982] syz-executor.4 (13982) used greatest stack depth: 11576 bytes left [ 606.062153][T11581] bcachefs (loop4): shutting down [ 606.067383][T11581] bcachefs (loop4): going read-only [ 606.072773][T11581] bcachefs (loop4): finished waiting for writes to stop [ 606.107575][T11581] bcachefs (loop4): flushing journal and stopping allocators, journal seq 10 [ 606.169623][T11581] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 12 [ 606.230484][T11581] bcachefs (loop4): shutdown complete, journal seq 13 [ 606.244645][T11581] bcachefs (loop4): marking filesystem clean [ 606.312664][T11581] bcachefs (loop4): shutdown complete [ 607.022717][T13997] loop1: detected capacity change from 0 to 32768 [ 607.139891][T13997] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (13997) [ 607.281870][T13997] BTRFS info (device loop1): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 607.359141][T13997] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 607.412191][T13997] BTRFS info (device loop1): using free-space-tree [ 607.587952][ T29] audit: type=1804 audit(1718398529.256:239): pid=13997 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1512287329/syzkaller.XrhlMG/47/file0/file1" dev="loop1" ino=260 res=1 errno=0 [ 607.777068][T12623] BTRFS info (device loop1): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f [ 607.807372][T14003] loop0: detected capacity change from 0 to 40427 [ 607.833693][T14003] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 607.851989][T14003] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 607.990210][T14003] F2FS-fs (loop0): Found nat_bits in checkpoint [ 608.297406][T14003] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 608.322505][T14003] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 608.549473][T14048] syz-executor.0: attempt to access beyond end of device [ 608.549473][T14048] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 608.574370][T14010] loop2: detected capacity change from 0 to 40427 [ 608.594869][T14010] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 608.633248][T14010] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 608.662707][T14010] F2FS-fs (loop2): invalid crc value [ 608.741306][T14010] F2FS-fs (loop2): Found nat_bits in checkpoint [ 609.077919][T14010] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 609.100616][T14010] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 610.391028][ T35] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 610.511725][ T35] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 610.728277][T14064] fuse: Bad value for 'fd' [ 610.776129][ T29] audit: type=1326 audit(1718398532.436:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14061 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87fe67cea9 code=0x0 [ 611.231728][T14057] loop1: detected capacity change from 0 to 65536 [ 611.417459][T14057] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 611.507728][T14057] XFS (loop1): Ending clean mount [ 611.553876][T14057] XFS (loop1): Quotacheck needed: Please wait. [ 611.624827][T14057] XFS (loop1): Quotacheck: Done. [ 611.702994][ T29] audit: type=1804 audit(1718398533.346:241): pid=14057 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1512287329/syzkaller.XrhlMG/50/file1/file1" dev="loop1" ino=38 res=1 errno=0 [ 611.736984][ T29] audit: type=1804 audit(1718398533.356:242): pid=14057 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1512287329/syzkaller.XrhlMG/50/file1/file1" dev="loop1" ino=38 res=1 errno=0 [ 611.793996][T12623] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 611.863517][T14080] EXT4-fs warning (device sda1): ext4_group_extend:1861: can't shrink FS - resize aborted [ 615.091121][T14090] loop0: detected capacity change from 0 to 40427 [ 615.148616][T14090] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 615.187262][T14090] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 615.251944][T14090] F2FS-fs (loop0): Found nat_bits in checkpoint [ 615.319820][T14090] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 615.333071][T14090] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 615.455069][T14118] syz-executor.0: attempt to access beyond end of device [ 615.455069][T14118] loop0: rw=2049, sector=45096, nr_sectors = 128 limit=40427 [ 615.881368][T14106] loop3: detected capacity change from 0 to 65536 [ 615.983611][T14106] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 616.069413][T14106] XFS (loop3): Ending clean mount [ 616.076224][T14106] XFS (loop3): Quotacheck needed: Please wait. [ 616.187623][T14106] XFS (loop3): Quotacheck: Done. [ 616.213711][ T29] audit: type=1804 audit(1718398537.876:243): pid=14106 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir234820478/syzkaller.GTh9tN/201/file1/file1" dev="loop3" ino=38 res=1 errno=0 [ 616.256147][ T29] audit: type=1804 audit(1718398537.906:244): pid=14106 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir234820478/syzkaller.GTh9tN/201/file1/file1" dev="loop3" ino=38 res=1 errno=0 [ 616.305580][ T9070] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 727.347160][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 727.354176][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P14173/1:b..l [ 727.363178][ C0] rcu: (detected by 0, t=10502 jiffies, g=79985, q=441 ncpus=2) [ 727.370925][ C0] task:syz-executor.1 state:R running task stack:24400 pid:14173 tgid:14172 ppid:12623 flags:0x00004006 [ 727.385248][ C0] Call Trace: [ 727.388559][ C0] [ 727.391512][ C0] __schedule+0x1796/0x49d0 [ 727.396059][ C0] ? mark_lock+0x9a/0x350 [ 727.400420][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 727.406422][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 727.412870][ C0] ? __pfx___schedule+0x10/0x10 [ 727.417750][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 727.423802][ C0] ? preempt_schedule_irq+0xf0/0x1c0 [ 727.429118][ C0] preempt_schedule_irq+0xfb/0x1c0 [ 727.434272][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 727.440039][ C0] irqentry_exit+0x5e/0x90 [ 727.444480][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 727.450583][ C0] RIP: 0010:debug_lockdep_rcu_enabled+0x18/0x40 [ 727.457038][ C0] Code: 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 31 c0 83 3d a7 36 2e 04 00 74 1e 83 3d e6 67 2e 04 00 74 15 <65> 48 8b 0c 25 c0 d4 03 00 31 c0 83 b9 dc 0a 00 00 00 0f 94 c0 c3 [ 727.476678][ C0] RSP: 0018:ffffc90009d27498 EFLAGS: 00000202 [ 727.482773][ C0] RAX: 0000000000000000 RBX: 1ffff920013a4e94 RCX: ffff888021283c00 [ 727.490847][ C0] RDX: dffffc0000000000 RSI: ffffffff8bcacd00 RDI: ffff888059afda00 [ 727.498931][ C0] RBP: ffffc90009d27530 R08: ffffffff92f74587 R09: 1ffffffff25ee8b0 [ 727.506922][ C0] R10: dffffc0000000000 R11: fffffbfff25ee8b1 R12: 0000000000000000 [ 727.514914][ C0] R13: dffffc0000000000 R14: dffffc0000000000 R15: dffffc0000000000 [ 727.522924][ C0] rcu_read_lock_sched_held+0x63/0x130 [ 727.528421][ C0] ? __pfx_rcu_read_lock_sched_held+0x10/0x10 [ 727.534521][ C0] ? page_rmappable_folio+0xa5/0x310 [ 727.539841][ C0] mem_cgroup_from_task+0x4d/0x120 [ 727.544989][ C0] ? get_mem_cgroup_from_mm+0x38/0x2a0 [ 727.550492][ C0] get_mem_cgroup_from_mm+0xd7/0x2a0 [ 727.555830][ C0] __mem_cgroup_charge+0x16/0x80 [ 727.560806][ C0] folio_prealloc+0x52/0x170 [ 727.565422][ C0] handle_pte_fault+0x2f4a/0x7130 [ 727.570528][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 727.575585][ C0] ? __pfx_handle_pte_fault+0x10/0x10 [ 727.581001][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 727.586077][ C0] ? follow_page_pte+0x292/0x1d90 [ 727.591177][ C0] ? follow_page_pte+0x859/0x1d90 [ 727.596236][ C0] ? __pfx_lock_release+0x10/0x10 [ 727.601288][ C0] ? count_memcg_event_mm+0x3c2/0x420 [ 727.606693][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 727.612109][ C0] ? folio_mark_accessed+0x6f6/0x11b0 [ 727.617514][ C0] handle_mm_fault+0xfb0/0x19d0 [ 727.622501][ C0] ? __pfx_handle_mm_fault+0x10/0x10 [ 727.627821][ C0] ? __pfx_find_vma+0x10/0x10 [ 727.632518][ C0] ? vma_is_secretmem+0xd/0x50 [ 727.637301][ C0] ? check_vma_flags+0x531/0x5a0 [ 727.642270][ C0] __get_user_pages+0x6ef/0x1590 [ 727.647593][ C0] ? mt_find+0x62d/0x850 [ 727.651874][ C0] ? __pfx___get_user_pages+0x10/0x10 [ 727.657289][ C0] populate_vma_page_range+0x264/0x330 [ 727.662850][ C0] ? __pfx_populate_vma_page_range+0x10/0x10 [ 727.668861][ C0] ? apply_mlockall_flags+0x34a/0x3c0 [ 727.674258][ C0] __mm_populate+0x27a/0x460 [ 727.678972][ C0] ? __pfx___mm_populate+0x10/0x10 [ 727.684123][ C0] __se_sys_mlockall+0x3e3/0x4d0 [ 727.689180][ C0] do_syscall_64+0xf3/0x230 [ 727.693726][ C0] ? clear_bhb_loop+0x35/0x90 [ 727.698430][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 727.704349][ C0] RIP: 0033:0x7f8ae087cea9 [ 727.708797][ C0] RSP: 002b:00007f8ae03ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 727.717235][ C0] RAX: ffffffffffffffda RBX: 00007f8ae09b3f80 RCX: 00007f8ae087cea9 [ 727.725230][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 727.733225][ C0] RBP: 00007f8ae08ebff4 R08: 0000000000000000 R09: 0000000000000000 [ 727.741216][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 727.749214][ C0] R13: 000000000000000b R14: 00007f8ae09b3f80 R15: 00007ffea3f5bc28 [ 727.757221][ C0] [ 727.760264][ C0] rcu: rcu_preempt kthread starved for 10538 jiffies! g79985 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 727.771511][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 727.781508][ C0] rcu: RCU grace-period kthread stack dump: [ 727.787428][ C0] task:rcu_preempt state:R running task stack:26448 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 727.799287][ C0] Call Trace: [ 727.802580][ C0] [ 727.805535][ C0] __schedule+0x1796/0x49d0 [ 727.810172][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 727.816180][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 727.822974][ C0] ? __pfx___schedule+0x10/0x10 [ 727.827856][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 727.833962][ C0] ? preempt_schedule_irq+0xf0/0x1c0 [ 727.839275][ C0] preempt_schedule_irq+0xfb/0x1c0 [ 727.844444][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 727.850189][ C0] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 727.856285][ C0] ? trace_irq_disable+0x2c/0x120 [ 727.861338][ C0] irqentry_exit+0x5e/0x90 [ 727.865790][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 727.871808][ C0] RIP: 0010:schedule+0x13a/0x320 [ 727.876771][ C0] Code: 00 00 00 e8 b8 ee ff f8 48 c7 c7 60 10 1f 8e 4c 89 f6 e8 e9 64 eb f5 48 89 eb 48 c1 eb 03 eb 0a 48 f7 45 00 08 00 00 00 74 2c 01 00 00 00 e8 ec 72 de f5 31 ff e8 d5 b4 ff ff bf 01 00 00 00 [ 727.896581][ C0] RSP: 0018:ffffc90000167b68 EFLAGS: 00000202 [ 727.902684][ C0] RAX: 0000000000000001 RBX: 1ffff11002e59000 RCX: 0000000000000001 [ 727.910699][ C0] RDX: dffffc0000000000 RSI: ffffffff8bcabb80 RDI: 0000000000000001 [ 727.918694][ C0] RBP: ffff8880172c8000 R08: ffffffff8fac246f R09: 1ffffffff1f5848d [ 727.926806][ C0] R10: dffffc0000000000 R11: fffffbfff1f5848e R12: dffffc0000000000 [ 727.934883][ C0] R13: 1ffff9200002cf74 R14: ffffffff8b872520 R15: ffff8880172c9278 [ 727.942877][ C0] ? schedule+0x90/0x320 [ 727.947154][ C0] ? schedule+0x155/0x320 [ 727.951501][ C0] schedule_timeout+0x1be/0x310 [ 727.956372][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 727.961765][ C0] ? __pfx_process_timeout+0x10/0x10 [ 727.967077][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 727.972646][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 727.977536][ C0] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 727.983629][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 727.988938][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 727.994869][ C0] ? finish_swait+0xd4/0x1e0 [ 727.999490][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 728.004103][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 728.009319][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 728.015240][ C0] ? __kthread_parkme+0x169/0x1d0 [ 728.020292][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 728.025510][ C0] kthread+0x2f0/0x390 [ 728.029596][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 728.034818][ C0] ? __pfx_kthread+0x10/0x10 [ 728.039429][ C0] ret_from_fork+0x4b/0x80 [ 728.043862][ C0] ? __pfx_kthread+0x10/0x10 [ 728.048474][ C0] ret_from_fork_asm+0x1a/0x30 [ 728.053275][ C0] [ 728.056306][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 728.062651][ C0] Sending NMI from CPU 0 to CPUs 1: [ 728.067878][ C1] NMI backtrace for cpu 1 [ 728.067898][ C1] CPU: 1 PID: 14206 Comm: syz-executor.2 Not tainted 6.10.0-rc3-syzkaller-00044-g2ccbdf43d5e7 #0 [ 728.067920][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 728.067929][ C1] RIP: 0010:lock_release+0x125/0x9f0 [ 728.067951][ C1] Code: 7e 85 c0 0f 85 23 05 00 00 65 48 8b 04 25 c0 d4 03 00 48 89 44 24 18 48 8d 98 dc 0a 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 38 <84> c0 0f 85 d8 05 00 00 83 3b 00 0f 85 f1 04 00 00 4c 8d b4 24 b0 [ 728.067964][ C1] RSP: 0018:ffffc9000d80fa20 EFLAGS: 00000807 [ 728.067978][ C1] RAX: 0000000000000000 RBX: ffff8880213746dc RCX: ffffffff81728b50 [ 728.067989][ C1] RDX: 0000000000000000 RSI: ffffffff8c1f2460 RDI: ffffffff8c1f2420 [ 728.068000][ C1] RBP: ffffc9000d80fb60 R08: ffffffff8fac246f R09: 1ffffffff1f5848d [ 728.068012][ C1] R10: dffffc0000000000 R11: fffffbfff1f5848e R12: 1ffff92001b01f50 [ 728.068023][ C1] R13: ffffffff815d0d60 R14: 0000000100000000 R15: dffffc0000000000 [ 728.068034][ C1] FS: 00007f9b14a096c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 728.068048][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 728.068059][ C1] CR2: 00007f9b14a29f80 CR3: 000000006a33a000 CR4: 00000000003506f0 [ 728.068072][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 728.068082][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 728.068091][ C1] Call Trace: [ 728.068100][ C1] [ 728.068108][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 728.068131][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 728.068148][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 728.068167][ C1] ? nmi_handle+0x2a/0x5a0 [ 728.068196][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 728.068213][ C1] ? nmi_handle+0x14f/0x5a0 [ 728.068232][ C1] ? nmi_handle+0x2a/0x5a0 [ 728.068253][ C1] ? lock_release+0x125/0x9f0 [ 728.068267][ C1] ? default_do_nmi+0x63/0x160 [ 728.068287][ C1] ? exc_nmi+0x123/0x1f0 [ 728.068307][ C1] ? end_repeat_nmi+0xf/0x53 [ 728.068324][ C1] ? __set_current_blocked+0x310/0x380 [ 728.068342][ C1] ? lock_release+0xb0/0x9f0 [ 728.068358][ C1] ? lock_release+0x125/0x9f0 [ 728.068373][ C1] ? lock_release+0x125/0x9f0 [ 728.068389][ C1] ? lock_release+0x125/0x9f0 [ 728.068404][ C1] [ 728.068409][ C1] [ 728.068416][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 728.068438][ C1] ? __pfx_lock_release+0x10/0x10 [ 728.068455][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 728.068473][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 728.068491][ C1] ? __pfx___might_resched+0x10/0x10 [ 728.068512][ C1] _raw_spin_unlock_irq+0x16/0x50 [ 728.068530][ C1] __set_current_blocked+0x310/0x380 [ 728.068548][ C1] ? __pfx___set_current_blocked+0x10/0x10 [ 728.068563][ C1] ? __might_fault+0xc6/0x120 [ 728.068581][ C1] ? fpu__clear_user_states+0x3c/0x270 [ 728.068601][ C1] signal_setup_done+0x39e/0x600 [ 728.068624][ C1] ? __pfx_signal_setup_done+0x10/0x10 [ 728.068645][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 728.068660][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 728.068677][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 728.068692][ C1] ? fpu__clear_user_states+0x3c/0x270 [ 728.068709][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 728.068726][ C1] ? fpu__clear_user_states+0x1a8/0x270 [ 728.068744][ C1] arch_do_signal_or_restart+0x51f/0x860 [ 728.068765][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 728.068781][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 728.068804][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 728.068822][ C1] syscall_exit_to_user_mode+0xc9/0x370 [ 728.068842][ C1] do_syscall_64+0x100/0x230 [ 728.068859][ C1] ? clear_bhb_loop+0x35/0x90 [ 728.068878][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.068895][ C1] RIP: 0033:0x7f9b13ca4630 [ 728.068908][ C1] Code: 83 c0 16 83 e0 f7 74 12 50 48 8d 3d 5a 9b 04 00 e8 35 78 fa ff 0f 1f 44 00 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <83> ff 21 74 0b c3 66 2e 0f 1f 84 00 00 00 00 00 55 53 48 89 f3 48 [ 728.068925][ C1] RSP: 002b:00007f9b14a08bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 728.068940][ C1] RAX: 0000000000000000 RBX: 00007f9b13db4058 RCX: 00007f9b13c7cea9 [ 728.068950][ C1] RDX: 00007f9b14a08bc0 RSI: 00007f9b14a08cf0 RDI: 0000000000000021 [ 728.068961][ C1] RBP: 00007f9b13db4050 R08: 00007f9b14a096c0 R09: 00007f9b14a096c0 [ 728.068971][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9b13db405c [ 728.068981][ C1] R13: 000000000000006e R14: 00007ffdeebe1640 R15: 00007ffdeebe1728 [ 728.069000][ C1]