program:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x3, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0), 0x0, 0x11)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000380)={[{@nogrpid}, {@resuid={'resuid', 0x3d, 0xee01}}, {@resgid}, {@dax}, {@nombcache}, {@block_validity}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f0000000100)=0x1, 0x4) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r2 = getpid()
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0) (async)
r4 = eventfd2(0x0, 0x800)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000300)={0x0, r4})
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000140)={0x0, r4}) (async)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r5 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) (async)
bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) (async)
sendmsg$xdp(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0xb78}}, 0x0) (async)
close(r5) (async)
mkdir(&(0x7f0000000280)='./file2\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00') (async)
set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2) (async)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x62042, 0x0)
pwritev2(r6, &(0x7f0000000140)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x5402, 0x0, 0x0)
syz_mount_image$bcachefs(&(0x7f00000058c0), &(0x7f0000005900)='./file0\x00', 0x400, &(0x7f0000000240)=ANY=[@ANYBLOB="61636c2c6469726563745f696f2c646972656361636c2c6e800000006f766572792c61636c2c67727071756f74612c6f626a5f757365723d68b373682c00"], 0x1, 0x58b0, &(0x7f0000005980)="$eJzs3W2QXFXdIPBzu3synZm8TAJIBJkMgSiCmglvhS+l0fWtAKlYWErYKAxkgtEkpJIgEFCCCy4UYKGlpagf0EJq0WhRBatESuRlE1ZRitWltpBa3UU/+BTykBLIQ1k+5qmZvqfTc6fv3J7unpDA71fJ3D6nb//PueeevtP/Mz3TAQAAgNeE3ddv2XvOUR/41RdHX7rmwz/bcG3oL4/XV+MOA+n2ileqhxxIvZVF49vsvHjTVT/489DF7/vl3X3ff3nXmmPX/v79h118/2fO3Hnbtx96ce69/3ymKG6cTyfuLyfPJSFUf77n61/a9diRY3VJCKGcDGwPYUGy8KEFSSbE8N9DCGvSwqLMnfe8dMrase21N/VOqJ+f2c98f22rpvNs297LTwp/eO+q636z+Mc/6tnx7Pb9uyTVhvkUwrwLGx/fE0KYnf4fE2dbnI9x0q4MIfQ1PO6Mgn4d12L/l+WUj063s9Jtf0GceP+STLmU2S9bjnoy276C9jqV14929ysyJ1POXow6ldfPWL8g3f403Z44zfjl+D8JpSRU6t1fn+yfI6HhvCUhGT+X1Xq5VD+3IT3+TDnJlEuZcrknc1zj7aYTrZwkE+vjfpn6eDmupPXHNl6rmzg3p/716baaPlFfjuWQvVHTP+lG/bjGxX7tmaIvB0Kp4RrUrL5+4tOT0Z/W9ScLJz1mXxPxvl2rbl5aXv3w7oGcfiR3J2n8pK342369YM6nfnjjZdnv6/X4F5bS+KW24v/xrMefP//G730rN/6tMX65rfgnP9D33FmPXL8kd3z2xPGptBV/5JlHb1l8+EU7cvt/e4xfbSv+ip2P987d+8CDuf0fjuMzu634T7/zg3+668n7ns2NH2L8vrbir9656cu9g3tPyI3/YByf/vbmzws7Tn9qcPAvQ3nxn4jx57YV/87tt73jjvk3nZl7flfG8RloK/7Zx99/3Zy99x2Td+1Mbu/Wd06A16bD0tdYN6TldvPMTjXkC98cqtRe881J/8/tZkMZY+3Mm8H4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALw2HXHS//zQ///4wHOVtNyb3ni6VNvG+lkhJLNDCFu2jmzeum7jJUOfufSyzRtH1g+NbB0a3bh185VDp75laPPopvUjV47dO/zWU2qPWxiS2jY5ZlLb+/bt21camFgX2/tPx+/4w9Iz/uWvIQwf8bvBSm7/l9224Y7Dm3zNSFbse8+Gy8753WnfTY9rIO3XQE6/Qk6//vW8f9zx1T1/PiGE4ddN1a9Hn373LyZ0aLxif5xUqTfUOtSb9DXtR73XaX/ieFXWrls/Olw8vuWc4/jPVz3797VXfOUftfGt5h5Hi+M7e8W+9aVvrDr7379xda3iYD3vReMdjyL2L45fNR3veelxzcs5rkrOcV3/mwef/PlRN764PQxXXlg8ue2i4+pJJ0BP8vqW2o0t9CULJtRX0/3jGY+PW7Z1w6ZlW67c9tZ1G0YuGb1kdOPbl5+6/PTh004/bdn4kS/r8vHH9t/Y4vEfmPk0/3Pbfxq/tjafivpVNB5j/Soej8Ye5T3/+s790tfeftsj59QqiuZ53Lt+PUm3fWPneXlomG+Tx6rZcRWNQwhhqNk4PP/imeHI/7PuuqLrUOOZafyakazY99iSv333jO8selet4oBc5xs71OZ1vt7r/f0ZH69qej4O1vHtDeX0uPqb9mv5Y4/03Lz7r5+v92/WrHDFyNatm5fXvs5JezonObppv7K18bgWj38th3RYQn2aNpmvY3pCrX/Z62fcPTuq/el9/cnCpseVFe/btermpeXVD+/OG+nk7lqLs8Pc2jZ5Q86e6zMPLNc73Kz9Q3V+DH7oO/d+/N6fnDppfpxc+1p0XEnOcf34yTu/9v2v/NefdO+4PvTuxwf+9n8/vbRWcahcV+q9TvuTNF5XTg6h6Pm3ODQ/jtznX6n58RQ9/7Lt7N+/ebyhTLk/lNt6vp78QN9zZz1y/ZLc5+ueVp+vV08olQuerwfL/Hnlnl8TJkqyYt8vbzhs+0PXrDyqVlE0r+t7N5vXp7SQf+Qc1y/Of2rw0qH/8r+7d934wVvuueD3Iyu+UKs4WM57NR3fas741nsd887G8X3bxZeuX1OrP3hf/6bbgvwnXkq2XLntsyPr149u3tLacbX6/TS2kx3ldr+fxqvbwoLjKk06rpm70cp4tfp8i/1f0/Z4TXy+9Yekre8L2369YM6nfnjjZQOTHpU2dGEpjV9qK/4fz3r8+fNv/N63cuPfGuNX2oo/8syjtyw+/KIdufFvT9L41bbir9j5eO/cvQ88mBt/OPZ/dlvxn37nB/9015P3PZsbP8T4/e2N/ws7Tn9qcPAvufGfSNJ2xl4jhXDPS6esrZWT0JM+32I/eib0K2TLSaZcypTLjeVSba213kA5SSbWx/3S+mMb+tLMJ3Lq46uw6qLa9uVYDtkbU9cfbEoN1/5m9UWvUwEAXu3iz//ja9D48//R9IVS/koD7NdpHrYoJ27Mw/av58yacP+iNH58fFwHHHxbGB7bXjtUe6E/3XXO+HzIrnPGdk44bmKMdtc5i9bfl2TKsV+19fJKQx6ampzXVEIL6++T25l6/T1z+MXr40M3TOrWUMO6Vfb89aQrZs3e75Dpb2UsQt78yK6LxfdzDM4LK8fba3F+ZN9HE89D9n00sZ2jMhfOdt9H0+n8iN2eYn6Md7n45xuTz1+YYnz3n7/m0bLnbxrnuzq2/0z/fPbQXzec2Z+HWZfMiZ8+wQ72dcNYH4+j0uJ64sdz6ru1nhgvF7Ffe6boy4FgPRF4tYr5f/weMZb/j70A/7fMfkWvQ7OvGmO83PcJlZv3pyjvmPw+vb62vo+v3rnpy72De0/IfZ3zYKvv+9k0odRX8L6fonFcmikXjmPOAk1Rvpdtp2jcs+/L6A9z2xr3O7ff9o475t90Zu64r6x9Iy0e969NKM0tGHf5Qk58+cJBkS/M9PrZK5aPpG98mql85GM59dPNR/om3agf17hDLh/pObD9AgAOHTH/r//8LM3//19mv6K89cRMOcbLzVtzXp/k5a0fSbdXZPbvT3+jYrqvm88+/v7r5uy975jcvOX2VvPQ/zahNFCYh3aWN+fmESu7837x3Dyinmd1lifm9r+eJ3aWp+fGr+fpneXRueNTz6M7WwfIjV9fBzjU89yZXa971ebR6a/PzlQefW5O/XTz6P5JN+rHNU4eDQDwyor5f3wZF/P/RzL7dfq6PTcv6NLr9uzfA6nHf+JA5ZUznffNdN4603n9TK9LHOp58UyvC83sOpm8OC2H7I0aeTEAAAeDmP/PTsv5+X9n+Ulu/lbPT+TnTePLzw+S/PxQX/+S/8v/i8n/AQBe3WL+H3/tMf79v/+RlrN/t16enhNfni5Pn2r+tJynz/Q6m3UA6wDFrAMAALy69IxnSpN/z/6T6Tb7e/Z5v5d/fs7+raqM/459CBdt3Tw6esFlm9aMbB29YOOla0a3XHD55nVbt45urO3Xad6Ym7ekeWNPqKTj0Xy/bN42P/17CPNz/h5Cdv8Y9ujxG5P/HkK22dkFf0dg//lrrb955680xf7N5kfe+c6L/4mc/aP6+b/40ydfsHbLBes2rtu6bmT9um2jE/cby1r7pvG5mXFYpvW5mZkvk5Sm//md3elHaVI/etLxyPt89iTTjwVpTxbkff5BTr9/9b+++rnj9/3jrhCGjyi/oaPxS1bs++/njX5k6+7fbRrrf2nK/tf3TPtV9Hml2f3j8VTWX7pl60lrL71sY/YTJdsT1zNK9fIMrWekT/9yi+sTq3Pqp7s+UZ504+DU8voEAAATxJ//x9ez8eeHX0lfQMX61vP0zn5+nJunD7eWp2c/l6woT8/uH4+31Ty92mGenm2/KE9vtn+zPD0v786L/7Gc/aer9XnS2fs8cufJha3Nk+znGRTNk+z+050nSYfzJNt+0Txptn+zeZJ33vPifzRn/zytz4fO3peTOx9ubW0+vDlTLpoP2f2nOx9KHc6HbPtF86HZ/s3mQ975zYt/Ts7+rZo4P8Ymxvi8GL3g8ks3f7Zhv5n+/IvO+zezn//Rrtb7P7Pv+5r5/s/s+8pmvv+dva8st/9PdLYS1nr/Z/bzXdp1wNZr0zebFb3/rGgdd1VO/XTXcWdNunFwso4Lr5yY/8cf98T8/6Z02+0fAx36n5Pmc8yaxu/S55gVvY7x/XyKxg4Cvp8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtKa3smh8u/v6LXvPOeoDv/ri6EvXfPhnG65901U/+PPQxe/75d19339515pj1/7+/YddfP9nztx527cfenHuvf98pjDwQG1zYlqshpA8l4RQ/fmer39p12NHjtUlIYRyMrA9hAXJwocWJJkIw38PIayp93Pinfe8dMrase21N/VOqJ+fCZI9rtBfjv2Z0M9wReERcQiqpvNs297LTwp/eO+q636z+Mc/6tnx7Pb9uyTVhvkUwrwLGx/fE0KYnf4fE2fbovjgdLsyhNDX8LgzCvp1XIv9X5ZTPjrdzkq3/QVx4v1LMuVSZr9sOerJbPsK2utUXj/a3a/InEw5ezHqVF4/Y/2CdPvTdHviNOOX4/8klJJQqXd/fbJ/joSG85aEZPxcVuvlUv3chvT4M+UkUy5lyuWezHGNt5tOtHKSTKyP+2Xq4+W4ktYf23itbuLcnPrXp9tq+kR9OZZD9kZN/6Qb9eMaF/u1Z4q+HAilhmtQs/r6iU9PRn9a158snPSYfU3E+3atunlpefXDuwdy+pHcnaTxk7bib/v1gjmf+uGNly3Ki39hKY1faiv+H896/Pnzb/zet3Lj3xrjl9uKf/IDfc+d9cj1S3LHZ08cn0pb8UeeefSWxYdftCO3/7fH+NW24q/Y+Xjv3L0PPJjb/+E4PrPbiv/0Oz/4p7uevO/Z3Pghxu9rK/7qnZu+3Du494Tc+A/G8elvb/68sOP0pwYH/zKUF/+JGH9uW/Hv3H7bO+6Yf9OZued3ZRyfgbbin338/dfN2XvfMXnXzuT2bn3nBHhtOix9jXVDWm43z+xUQ77wzaFK7TXfnPT/3G42lDHWzrwZjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKvTb68+9ZPnveejqypJCEnOPvuaiPeVZ61YMdRGuyPPPHrL4sMv2tFYt6iNOAAAAECxmIeX6jXVsChcnswORzfdP64RHB1LycT67BpCjJNdI2g3TqlLccpdilPpUpyeLsWZ1aU4vV2KUy2IUw2txZk9ZZxSy/3p61Kc/i7FmdOlOHO7FGdel+LM71KcgSnjtD4PF3QpzsIuxTmsS3EO71KcI7oU53VdinNkl+Jk15SnOw/npnselRdn/Ea5ME4lKdfvaLaeHts5psN2+ltsJ/f7cYvtzG6xneMyjytNs51qi+28scN2khbbeXOH7ZQK2onz9ops/2I7sdTi/L+yS3G2dSnOVV2Kc3WX4ny+S3G+0KU413QYB6BVMf/fn+8NhN7Ku0JfesXJrgLEfHfx+NfJ3+/yLkgx3hsy9bOK4mUT9Uy8xdPtX3YBIRNvSaa+Z0K8Sj0fmSJetTHe0sydhcebXVDI9O/ETH1vUbzswgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzKDfXn3qJ897z0dXhSSM/WtqXxPxvvKsFSuG2mh316qbl5ZXP7y7sa630kYgAAAAoFDMw3vqNdXQW1keepNZE/arpusA1bRcHqhtB+eFlWPbZKg0Xu5LFkz5uEr6uGVbN2xatuXKbW9dt2HkktFLRje+ffmpy08fPu3005atXbd+dLj2NYTegnghhPHlhy1XbvvsyPr1o5u31Cqz/V+UPm5RWk7Sxw2+LQyPba9N+7+woL3SpPZm7kbx2QMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+g137C3XzrOMA/rxJTpKdrTayf1lZT0P/jKpD25pJp2N5QXCwtaWHgSTT4yiuxeHpWrZ21Bm3gttsUYSNQqn0plKHm8Ob/XFD3B8KlVkteGqRbegu9ELZdNKNXkhHpOfkzUnSpDmNY926z+fifZPn+T3PL08uDnzfEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADggzVVL09UK+O10SiEqE9No4dkLp2N49IQfb/+/NYf58ZOLm8fy2WG2AgAAAAYKMnhI62RfMhl0iEdrpp+tzi0TYTZ3A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHz8TNXLE9XKeO3iKISoT02jh2QunY3j0hB933jnyS+8Ojb2j/ax4hD7AAAAAIMlOTzVGsmHYlgSRqKrOuqSZwMLutZ31yX7LJxjXfezg351S+ZYd80c6z41oG5d874jAAAAwEdfkv8zrZFCyGXm9c3/g3J9Ureoqy7dvA/zWwEAAADg/5Pk/1xrpBhymWIrr8817y/uqkvWD/q/fbJ+WZ/1g/6fv7Z59396AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjomKqXJ6qV8Vo6CiHqU9PoIZlLZ+O4NETfVS+M/uuWQw8tbh/LZYbYCAAAABgoyeGz0TsfcpnRMBIuns79Yzftf/qrTz9bDiHMxPxsNuzYsG3b3atmrkndyiOHRn50+K3vnVG3cuZ63g4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8b6bq5YlqZbx2URRC1Kem0UMyl87GcWmIvq9/6St/e/z4c2+2jxWH2AcAAAAYLMnhs9k/H4ohG7Lhiul37Vn/tFTX+n7PDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIALxz3fue/bGyYnN97thRdeeNF6cb7/MgEAAO+3RSEKjXN05frz/akBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPg6l6eaJaGa/loxCiPjWNHpK5dDaOS0P0jZ8/mpt38oWX2seKQ+wDAAAADJbk8Nnsnw/FMBJGwuXT73o9E5jO/4UP8EMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHypT9fJEtTJemxeFEPWpafSQzKWzcVwaou9jO/d98eD8H97cPpbLDLERAAAAMFCSw7OtkXzIZT4dcuHq5vvJzgVRunnv/Vxgdt3WjmWjc15X71iXnvO6XV0nyzRPM7Mun+xXmLm31pXOXFdqW1cMrfaljnVhT8eqeQM+ZwAAAIDzKMn/udZIIeQyubac+/OO+oKcCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0MVUvT1Qr47UoCiHqU9PoIZlLZ+O4NETf+37/yUu+8Yvd29vHikPsAwAAAAyW5PDZ7J8PxbAwfCIsnM79odBZn9T9u3rq4KP/+fvyEFZccWws03f/375+44vdlxBSnUWpEOY3+0V9+v3uj4/eu7Rx6vEQVlyevvpc+3VuGTeeqW5cu+3wsa1n+WIAAADgApLk/5HWSCHkMnf1zf9J8j6n/D//3p2/uqx5bSbyrhWpQrNfqk+/Ly998q/LVv/zrdP5/2z9Prdv88HLOhrOjHSJ4kZl8/Z1x647kEpOPdM/3dU/+V6+9t03/7tpxyOnZvrnQ745viDTq/+Z1y4XxY3J1N7amvf21jv7Z/qc/6E/vHT8Nwt2v3u6/zuLRlv9rznL+c/ef/TWh/dcv+/Qus7+IYRSr/5vv3tzuPLPdz7Yff7Rro3bv/n2a5cobhxZfOLA6v3FGzr7R139k+//l8cf2/OzR37wbNI/+a3I8iVz7Z/q6v/Krkt3vvzA+gWd/VN9zv/iba+ObSl9/0/d579j6PM/ce1Tt7+2Ib6/ewoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODCMlUvT1Qr47VUFELUp6bRQzKXzsZxaYi+b9xy9O3bdv/0J+1jxSH2AQAAAAZLcvhs9s+HYsiGbBidzv3PVDeu3Xb42NZQmJmNmvfM5JZ7tn1m05btd91xnj45AAAAMFdJ/s+0Rgohl1kaRpr5v7J5+7pj1x1IJfk/leT/TXdOblwRWnWv7Lp058sPrF/Qek4QwvTPAvKn6z4/W3fTjUcLJ/7yrWU961bN1h1ZfOLA6v3FG5K60F63MrSeTzxx7VO3v7Yhvr/1+drrPvvNLZPNxxPJvqO3Przn+n2H1rXO0byPNvdN6iZTe2tr3ttbT+rSzXu+eW4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ExT9fJEtTJeC+kQoj41jR6SuXQ2jktD9F2z9NcPXnLyuYXtY7nMEBsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBfN6F1VH0cgM+5N3lzm5u0SfuCUTFNq6LUhUVBRDcqKtKKFFxVilRbuxAFQUSpC1NpxVIVN4LVTREV1CgFBRuLpVVS8au4caGCQnUhlGJAG4oLlSTn3N5MM16dVEF9HhjOPWdmfvOfOSeTewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5RerqGZtrDO+6fuuWcGz569K4Tj9z0zr3bLnr41e9GNl334d7el05ObF6x5cvrl23af/ea8d3PH/qp/61fjnYMfmi2WZW6jRDi8RhC493JZx6b+Pis6bEYQqjHgdEQBuPSQ4OxkLD65xDC5ladc3e+eeLyLdPttl09c8aXFEKK9xWa9VzPrIG59fLv0kjrbOvUg5eEr69dv/3T5W+83j12bPTUIbHRtp5CWLyx/fzuEMKitE3Lq20on5zadSGE3rbzruxQ1/l/sP5LS/rnpvZ/qW12yMn7Vxb6tcJxxX7WXWh7O1xvocrqqHpcJ32FfvFltFBldebxwdS+ndpVfzK/nrcYajF0tcq/J55aI6Ft3mKIM3PZaPVrrbkN6f4L/Vjo1wr9enfhvmaumxZaPca54/m4wnh+HXel8RXt7+p53FoyfnZqG+kP9WTuh+KHWc3TPrTua0aua/J3avk71NreQfONtyY+TUYzjTXj0tPO+XUeed/E+icurG947/BASR1xb0z5sVL+1k8G+25/becDQ2X5G2spv1Yp/5u1R364becLz5XmP53z65XyLzvQe3zt+ztWlj6fyfx8uirl33H0gyeX///OsdL69+T8RqX8a8aP9PRPHThYWv/q/HwWVcr/6uobv33l833HSvNDzu+tlL9h/L6neoanLi7NP5ifT7Pa+vlx7Iovhoe/HynL/yzn91fKf3l091UvLtm1pnR+1+XnM1Ap/+YL9m/vm9p3Xtm7M+45U/85Af6blqXvWI+nftXfmQvV9nvh2ZGu2e98fWnrP5MXKpi+zuK/MB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA39iBAxIAAAAAQf9ftyNQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICnAgAA//+RkzVa")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async, rerun: 64)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
[ 59.336606][ T5330] loop0: detected capacity change from 0 to 512
[ 59.359172][ T5330] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 59.372131][ T5330] EXT4-fs (loop0): can't mount with both data=journal and dax
[ 59.529642][ T5315] Bluetooth: hci0: command tx timeout
[ 59.724515][ T5331] loop0: detected capacity change from 0 to 32768
[ 60.122898][ T5331] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[ 60.128847][ T5331] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[ 60.132322][ T5331] bcachefs (loop0): Version upgrade required:
[ 60.132322][ T5331] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[ 60.132322][ T5331] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[ 60.132322][ T5331] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[ 60.205158][ T5331] bcachefs (loop0): error validating btree node at btree alloc level 0/0
[ 60.205182][ T5331] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[ 60.205193][ T5331] node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, shutting down
[ 60.220540][ T5331] bcachefs (loop0): inconsistency detected - emergency read only at journal seq 10
[ 60.224348][ T5331] bcachefs (loop0): flagging btree alloc lost data
[ 60.231119][ T5331] error reading btree root alloc l=0: btree_node_read_error, shutting down
[ 60.234600][ T5331] bcachefs (loop0): bch2_fs_recovery(): error fsck_errors_not_fixed
[ 60.237212][ T5331] bcachefs (loop0): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[ 60.240825][ T5331] bcachefs (loop0): shutting down
[ 60.252045][ T5331] bcachefs (loop0): shutdown complete
[ 60.260736][ T1049] ==================================================================
[ 60.263584][ T1049] BUG: KASAN: slab-use-after-free in percpu_ref_put+0xda/0x250
[ 60.267199][ T1049] Read of size 8 at addr ffff88803f2be0b0 by task kworker/u4:8/1049
[ 60.270164][ T1049]
[ 60.271122][ T1049] CPU: 0 UID: 0 PID: 1049 Comm: kworker/u4:8 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[ 60.274973][ T1049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 60.279044][ T1049] Workqueue: loop0 loop_rootcg_workfn
[ 60.281007][ T1049] Call Trace:
[ 60.282258][ T1049]
[ 60.283399][ T1049] dump_stack_lvl+0x241/0x360
[ 60.285918][ T1049] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.287833][ T1049] ? __pfx__printk+0x10/0x10
[ 60.289583][ T1049] ? _printk+0xd5/0x120
[ 60.291191][ T1049] ? __virt_addr_valid+0x183/0x530
[ 60.293102][ T1049] ? __virt_addr_valid+0x183/0x530
[ 60.295163][ T1049] print_report+0x169/0x550
[ 60.296925][ T1049] ? __virt_addr_valid+0x183/0x530
[ 60.298900][ T1049] ? __virt_addr_valid+0x183/0x530
[ 60.300915][ T1049] ? __virt_addr_valid+0x45f/0x530
[ 60.302706][ T1049] ? __phys_addr+0xba/0x170
[ 60.304371][ T1049] ? percpu_ref_put+0xda/0x250
[ 60.306098][ T1049] kasan_report+0x143/0x180
[ 60.307694][ T1049] ? percpu_ref_put+0xda/0x250
[ 60.309400][ T1049] ? percpu_ref_put+0x1f/0x250
[ 60.311189][ T1049] percpu_ref_put+0xda/0x250
[ 60.312859][ T1049] blk_update_request+0x5e5/0x1160
[ 60.314555][ T1049] blk_mq_end_request+0x3e/0x70
[ 60.316364][ T1049] loop_process_work+0x1bc8/0x21c0
[ 60.318267][ T1049] ? __pfx_loop_process_work+0x10/0x10
[ 60.320191][ T1049] ? register_lock_class+0x102/0x980
[ 60.322090][ T1049] ? try_to_wake_up+0x91b/0x1470
[ 60.323838][ T1049] ? do_raw_spin_lock+0x14f/0x370
[ 60.325550][ T1049] ? __pfx_register_lock_class+0x10/0x10
[ 60.327531][ T1049] ? mark_lock+0x9a/0x360
[ 60.329099][ T1049] ? do_raw_spin_unlock+0x58/0x8b0
[ 60.330891][ T1049] ? __pfx_lock_acquire+0x10/0x10
[ 60.332684][ T1049] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 60.334858][ T1049] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.337003][ T1049] ? process_scheduled_works+0x976/0x1850
[ 60.339042][ T1049] process_scheduled_works+0xa63/0x1850
[ 60.341026][ T1049] ? __pfx_process_scheduled_works+0x10/0x10
[ 60.343219][ T1049] ? assign_work+0x364/0x3d0
[ 60.344906][ T1049] worker_thread+0x870/0xd30
[ 60.346571][ T1049] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 60.348834][ T1049] ? __kthread_parkme+0x169/0x1d0
[ 60.350696][ T1049] ? __pfx_worker_thread+0x10/0x10
[ 60.352607][ T1049] kthread+0x2f0/0x390
[ 60.354082][ T1049] ? __pfx_worker_thread+0x10/0x10
[ 60.355934][ T1049] ? __pfx_kthread+0x10/0x10
[ 60.357679][ T1049] ret_from_fork+0x4b/0x80
[ 60.359412][ T1049] ? __pfx_kthread+0x10/0x10
[ 60.361114][ T1049] ret_from_fork_asm+0x1a/0x30
[ 60.362931][ T1049]
[ 60.364178][ T1049]
[ 60.365078][ T1049] Allocated by task 5331:
[ 60.366677][ T1049] kasan_save_track+0x3f/0x80
[ 60.368420][ T1049] __kasan_kmalloc+0x98/0xb0
[ 60.370128][ T1049] __kmalloc_cache_noprof+0x19c/0x2c0
[ 60.372036][ T1049] __bch2_dev_alloc+0x57/0xa60
[ 60.373699][ T1049] bch2_dev_alloc+0xd4/0x170
[ 60.375341][ T1049] bch2_fs_open+0x2e3f/0x2f80
[ 60.376986][ T1049] bch2_fs_get_tree+0x738/0x1710
[ 60.378800][ T1049] vfs_get_tree+0x90/0x2b0
[ 60.380436][ T1049] do_new_mount+0x2be/0xb40
[ 60.382174][ T1049] __se_sys_mount+0x2d6/0x3c0
[ 60.383906][ T1049] do_syscall_64+0xf3/0x230
[ 60.385632][ T1049] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.387699][ T1049]
[ 60.388602][ T1049] Freed by task 5331:
[ 60.390173][ T1049] kasan_save_track+0x3f/0x80
[ 60.391991][ T1049] kasan_save_free_info+0x40/0x50
[ 60.393757][ T1049] __kasan_slab_free+0x59/0x70
[ 60.395571][ T1049] kfree+0x1a0/0x440
[ 60.397051][ T1049] kobject_put+0x22f/0x480
[ 60.398739][ T1049] bch2_fs_free+0x27b/0x3c0
[ 60.400472][ T1049] bch2_fs_get_tree+0xd9f/0x1710
[ 60.402262][ T1049] vfs_get_tree+0x90/0x2b0
[ 60.403988][ T1049] do_new_mount+0x2be/0xb40
[ 60.405700][ T1049] __se_sys_mount+0x2d6/0x3c0
[ 60.407323][ T1049] do_syscall_64+0xf3/0x230
[ 60.409017][ T1049] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 60.411185][ T1049]
[ 60.412081][ T1049] The buggy address belongs to the object at ffff88803f2be000
[ 60.412081][ T1049] which belongs to the cache kmalloc-4k of size 4096
[ 60.416949][ T1049] The buggy address is located 176 bytes inside of
[ 60.416949][ T1049] freed 4096-byte region [ffff88803f2be000, ffff88803f2bf000)
[ 60.421975][ T1049]
[ 60.422879][ T1049] The buggy address belongs to the physical page:
[ 60.425195][ T1049] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3f2b8
[ 60.428278][ T1049] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 60.431387][ T1049] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[ 60.434128][ T1049] page_type: f5(slab)
[ 60.435619][ T1049] raw: 04fff00000000040 ffff88801ac42140 dead000000000100 dead000000000122
[ 60.438821][ T1049] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 60.442014][ T1049] head: 04fff00000000040 ffff88801ac42140 dead000000000100 dead000000000122
[ 60.445224][ T1049] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 60.448426][ T1049] head: 04fff00000000003 ffffea0000fcae01 ffffffffffffffff 0000000000000000
[ 60.451469][ T1049] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 60.454520][ T1049] page dumped because: kasan: bad access detected
[ 60.456861][ T1049] page_owner tracks the page as allocated
[ 60.458948][ T1049] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 18016725822, free_ts 0
[ 60.465949][ T1049] post_alloc_hook+0x1f3/0x230
[ 60.467752][ T1049] get_page_from_freelist+0x3649/0x3790
[ 60.469847][ T1049] __alloc_pages_noprof+0x292/0x710
[ 60.471633][ T1049] alloc_pages_mpol_noprof+0x3e8/0x680
[ 60.473640][ T1049] alloc_slab_page+0x6a/0x140
[ 60.475431][ T1049] allocate_slab+0x5a/0x2f0
[ 60.477152][ T1049] ___slab_alloc+0xcd1/0x14b0
[ 60.479030][ T1049] __slab_alloc+0x58/0xa0
[ 60.480747][ T1049] __kmalloc_cache_noprof+0x1d5/0x2c0
[ 60.482745][ T1049] inet6_net_init+0x57b/0x990
[ 60.484568][ T1049] ops_init+0x31e/0x590
[ 60.486474][ T1049] register_pernet_operations+0x30d/0x630
[ 60.489066][ T1049] register_pernet_subsys+0x28/0x40
[ 60.491128][ T1049] inet6_init+0x1f5/0x6a0
[ 60.492688][ T1049] do_one_initcall+0x248/0x880
[ 60.494650][ T1049] do_initcall_level+0x157/0x210
[ 60.496546][ T1049] page_owner free stack trace missing
[ 60.498592][ T1049]
[ 60.499494][ T1049] Memory state around the buggy address:
[ 60.501863][ T1049] ffff88803f2bdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.504870][ T1049] ffff88803f2be000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.507685][ T1049] >ffff88803f2be080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.510654][ T1049] ^
[ 60.512770][ T1049] ffff88803f2be100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.515597][ T1049] ffff88803f2be180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.518556][ T1049] ==================================================================
[ 60.630532][ T1049] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.633356][ T1049] CPU: 0 UID: 0 PID: 1049 Comm: kworker/u4:8 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0
[ 60.637295][ T1049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 60.641355][ T1049] Workqueue: loop0 loop_rootcg_workfn
[ 60.643528][ T1049] Call Trace:
[ 60.644813][ T1049]
[ 60.645913][ T1049] dump_stack_lvl+0x241/0x360
[ 60.647705][ T1049] ? __pfx_dump_stack_lvl+0x10/0x10
[ 60.649622][ T1049] ? __pfx__printk+0x10/0x10
[ 60.651355][ T1049] ? preempt_schedule+0xe1/0xf0
[ 60.653285][ T1049] ? vscnprintf+0x5d/0x90
[ 60.654889][ T1049] panic+0x349/0x880
[ 60.656360][ T1049] ? check_panic_on_warn+0x21/0xb0
[ 60.658320][ T1049] ? __pfx_panic+0x10/0x10
[ 60.660082][ T1049] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 60.662341][ T1049] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 60.664765][ T1049] ? print_report+0x502/0x550
[ 60.666538][ T1049] check_panic_on_warn+0x86/0xb0
[ 60.668295][ T1049] ? percpu_ref_put+0xda/0x250
[ 60.670062][ T1049] end_report+0x77/0x160
[ 60.671606][ T1049] kasan_report+0x154/0x180
[ 60.673250][ T1049] ? percpu_ref_put+0xda/0x250
[ 60.675044][ T1049] ? percpu_ref_put+0x1f/0x250
[ 60.676760][ T1049] percpu_ref_put+0xda/0x250
[ 60.678480][ T1049] blk_update_request+0x5e5/0x1160
[ 60.680433][ T1049] blk_mq_end_request+0x3e/0x70
[ 60.682308][ T1049] loop_process_work+0x1bc8/0x21c0
[ 60.684121][ T1049] ? __pfx_loop_process_work+0x10/0x10
[ 60.686088][ T1049] ? register_lock_class+0x102/0x980
[ 60.687857][ T1049] ? try_to_wake_up+0x91b/0x1470
[ 60.689617][ T1049] ? do_raw_spin_lock+0x14f/0x370
[ 60.691573][ T1049] ? __pfx_register_lock_class+0x10/0x10
[ 60.693907][ T1049] ? mark_lock+0x9a/0x360
[ 60.695437][ T1049] ? do_raw_spin_unlock+0x58/0x8b0
[ 60.697282][ T1049] ? __pfx_lock_acquire+0x10/0x10
[ 60.699081][ T1049] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 60.701252][ T1049] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 60.703740][ T1049] ? process_scheduled_works+0x976/0x1850
[ 60.705850][ T1049] process_scheduled_works+0xa63/0x1850
[ 60.707870][ T1049] ? __pfx_process_scheduled_works+0x10/0x10
[ 60.710135][ T1049] ? assign_work+0x364/0x3d0
[ 60.711944][ T1049] worker_thread+0x870/0xd30
[ 60.713671][ T1049] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 60.715852][ T1049] ? __kthread_parkme+0x169/0x1d0
[ 60.717749][ T1049] ? __pfx_worker_thread+0x10/0x10
[ 60.719784][ T1049] kthread+0x2f0/0x390
[ 60.721312][ T1049] ? __pfx_worker_thread+0x10/0x10
[ 60.723089][ T1049] ? __pfx_kthread+0x10/0x10
[ 60.724814][ T1049] ret_from_fork+0x4b/0x80
[ 60.726478][ T1049] ? __pfx_kthread+0x10/0x10
[ 60.728278][ T1049] ret_from_fork_asm+0x1a/0x30
[ 60.730109][ T1049]
[ 60.731589][ T1049] Kernel Offset: disabled
[ 60.733242][ T1049] Rebooting in 86400 seconds..