last executing test programs: 12m52.61708932s ago: executing program 32 (id=4884): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000140)={0x80, 0x6, 0x303, 0xfffd, 0x13, 0x0, 0x0}) 9m7.982445733s ago: executing program 33 (id=7290): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)={0x28, 0x1411, 0x205, 0xf0bd29, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x13}]}, 0x28}}, 0x4001090) 3m26.87440231s ago: executing program 34 (id=10181): r0 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000580000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f00007ff000/0x2000)=nil) 3m21.968502637s ago: executing program 35 (id=10230): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="12014101f2c59620d016b8108edc0102030109022400010000100009040002020083ec0009050602000202000a09058202"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000100)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00010c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2m38.845618467s ago: executing program 4 (id=10593): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x11ff, 0x3331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x5, "17321748"}]}}, 0x0}, 0x0) 2m38.736389665s ago: executing program 5 (id=10594): syz_usb_connect(0x0, 0x2d, 
&(0x7f0000000040)=ANY=[@ANYBLOB="120100001d906e20501dc6609b620103000109021b0001000010000904f7000176246700090582020002"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000380)=""/191, 0xbf}], 0x1, 0x1ff, 0x8) 2m36.416342131s ago: executing program 1 (id=10610): sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, 0x0, 0x44000) setreuid(0x0, 0xee00) request_key(&(0x7f0000000440)='rxrpc_s\x00', &(0x7f0000000480)={'syz', 0x2}, &(0x7f0000000500)='/dev/vcsu#\x00', 0xffffffffffffffff) 2m35.91269981s ago: executing program 1 (id=10616): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netfilter\x00') getdents64(r0, &(0x7f0000000000)=""/38, 0x26) getdents(r0, 0xffffffffffffffff, 0x5a) 2m35.82616082s ago: executing program 5 (id=10617): r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)=ANY=[@ANYBLOB="48000000140009052cbd7000fddbdf25022000cb", @ANYRES32, @ANYBLOB="0800040064010101080002"], 0x48}}, 0x0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 2m35.478798281s ago: executing program 4 (id=10619): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) 2m35.347676595s ago: 
executing program 1 (id=10621): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="5300030002"], 0x8) 2m35.09582793s ago: executing program 5 (id=10624): r0 = socket$inet(0x2, 0x2, 0x1) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 2m34.801996672s ago: executing program 1 (id=10625): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x9}) r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000940), 0x800, 0x0) ioctl$RNDADDENTROPY(r0, 0x40085203, 0x0) 2m34.801646777s ago: executing program 4 (id=10626): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x10) execve(0x0, 0x0, 0x0) 2m34.505529642s ago: executing program 5 (id=10628): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149e82, 0x244) setresuid(0x0, 0xee01, 0xffffffffffffffff) write$cgroup_int(r0, &(0x7f0000000000)=0xfe8e, 0x12) 2m34.327535559s ago: executing program 1 (id=10631): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00') 2m34.320654376s ago: executing program 4 (id=10644): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, 0x0) 2m33.783695562s ago: executing program 1 (id=10647): r0 = 
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149e82, 0x244) setresuid(0x0, 0xee01, 0xffffffffffffffff) write$cgroup_int(r0, &(0x7f0000000000)=0xfe8e, 0x12) 2m33.781413032s ago: executing program 5 (id=10648): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00') 2m33.374781446s ago: executing program 5 (id=10635): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0}, 0x10) utime(0x0, 0x0) 2m33.350893227s ago: executing program 4 (id=10652): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00') 2m32.74198441s ago: executing program 4 (id=10640): r0 = socket(0xa, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @private=0xa010101}}}, &(0x7f0000000300)=0x90) 2m32.138636173s ago: executing program 7 (id=10643): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) getsockname$packet(r0, 0x0, &(0x7f0000000380)) 2m31.777180579s ago: executing program 7 (id=10645): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNGETFILTER(r0, 0x801054db, 0x0) 2m31.018032777s ago: executing program 7 
(id=10650): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000", @ANYRES32=r0], 0x30}}, 0x0) 2m30.18832276s ago: executing program 7 (id=10654): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000800)={0x54, r1, 0x1, 0x70bd28, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x20000008}, {0x6, 0x11, 0x8}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040000) 2m29.507852368s ago: executing program 7 (id=10656): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00') 2m29.026089596s ago: executing program 7 (id=10659): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) close(r0) 2m18.28763941s ago: executing program 36 (id=10647): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149e82, 0x244) setresuid(0x0, 0xee01, 0xffffffffffffffff) write$cgroup_int(r0, &(0x7f0000000000)=0xfe8e, 0x12) 2m18.100320917s ago: executing program 37 (id=10635): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0}, 0x10) utime(0x0, 0x0) 2m17.283704105s ago: executing program 38 (id=10640): r0 = socket(0xa, 0x80805, 0x0) 
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @private=0xa010101}}}, &(0x7f0000000300)=0x90) 2m13.839102409s ago: executing program 39 (id=10659): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) close(r0) 8.634785915s ago: executing program 8 (id=11551): r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f00000008c0), 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+
N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/
IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000440)={0x2, 0x4, {0xffffffffffffffff, @struct={0x84, 0x3}, 0x0, 0x20000005, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @struct={0x1d, 0xce82}, 0x4000, 0x5, [0x0, 0x8, 0x9c, 0xfffffffffffffff9]}, {0xfffffffffffffffe, @struct={0x7, 0xa0000000}, 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x8, 0x58a, @struct={0x2, 0xf136}, 0x3, 0xe, [0x4, 0x1, 0x2, 0xfffffffffffffffc, 0x0, 0x1]}, {0x6, @usage=0xfffffffffffffffa, 0x0, 0x7, 0x807fc, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x440, @struct={0x0, 0x6}, 0xffffffff, 0x4, [0x80000000, 0x800004, 0x0, 0x3ff, 0x80]}}) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000000)={{r0}, {@void, @actul_num={@val=0x2d, 0x6, 0x47}}}) 6.324572753s ago: executing program 8 (id=11565): syz_mount_image$xfs(&(0x7f0000009600), &(0x7f0000009640)='./file0\x00', 0x200800, &(0x7f00000000c0)={[{@bsdgroups}, {@uqnoenforce}, {@swalloc}, {@filestreams}, {@grpquota}, {@allocsize={'allocsize', 0x3d, [0x30, 0x39, 0x6d]}}, {@gquota}], [{@flag='nomand'}]}, 0x4, 0x9606, 
&(0x7f0000012cc0)="$eJzs2gm8pnPhuP/nDGOXMVRSaiqiRdYsUc0MZigkS7QjS8pSUqESSgoVEe3Zt2xlCWVrJdlbKCFUskRabMP8X8ecYYyLb/36/l++dV3X63XO8zz3c9/3+Tyf972cw2wyaYOJg8Ecg2mNG8zceddOnjLm6nXvOGrz+Y9d5tR7DnjsiouOH3mcMPI4cTAYjBp5e2jasrGD004fNZj14eWPNveccw3NOxgsO/JyZD+DFac9zHvF9PWmztTMAx169Ns+074ebr7hHzH85PAD9jpiMBiMmWH7ocFgaPfHfVBpm0yYPOlRq0fchq1Gjzyf8Wu2aV/zXjwYzHvmgI+PGdcdego+0vDP3P0l545e9yn42f9xbTJh8loz+Q+fi7OMLFtx+Byf+Rw0NvNxfttim648MoUPH2+DwfAl7jHnyn9Em0yYtPbgia/zg6NWuXCfqdOum7MPpt0o5hwMBnONXF/neapd6t9rwsTlHr5nT389wj79WN6djosT3n7yQ8M36cFgsMBgMHbN6feCqqqq+s9owsTlVoP7/xxPdv8/5ZSFz+z+X1VV9Z/bWhMmLjd8r5/p/j/Pk93/d1z4oj2n/bf/8StO2+qhp/ZDVFVV1b/UpLXw/j/mye7/K6522drd/6uqqv5zW3+dh+//88x0/1/wye7/bzl5lUVG1pv+e8ODM+xyaIb/n/DADMtnmWH5/TMsHz3DfmZcf7YZlt87w/LZh9+D9ccNBmOn/3vBKY8uHjtu+L2R5ffNsHz8o/9OZ9HVZ1g+YYblk2ZYPnFkrMPLJ8+wfPIM66/5JFNdVVX1f6b1l5u02mCGf2c/snih6e/T/f+Cs65b8qkab1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVf1n9tAdZ587GAyGBoPBqMFgymDk+YyPg6lTp04dfn3K+Zdf/pQN9P9GQ+ddO3nKmKvXveOozec/dplT7zng0Vn6j+0//xPUv9Ow/xzHjxsMtt/oqR5KPQV1/rvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMPJ89+mPZ+3/5reOrLryxqfedfCjWy46fpuRZ+ddO3nKNk/B2J+ChoY/65ir173jqM3nP3aZU+854L/g7PnP/wT17/Sw/zZDg8HI+T1m+Fxed8L6Gy4xGAwOvuvUjVcYPPLeSsPvrTJ2lsEsD2+6xMPf11iUd7z7mtMexw9/W/CRfZzy8P7XmnrYLEMzDWKGXnXejUe9a5N7lp/5cfEn/hyjpj854voz7p46derUxywcaY4n2Hj6/qd/lpnP85GxLzE89qV22u69S71/l12X3Ga7zbbecustt19muZWWX2HZZVZY+RVLbbXNtlsuPe37E8zZuIe/r/bPzNk8M8/ZHRNmnLOZP9sTzdm4J5+zh/c4ZdehDafP2az/4pyt9uRzNm6bkR+06PjRg00fnpqhwWDR1UcPdh5+sczsg8Gia4ysu9DwuquOHTUY7P/oBx1+Nvsjx+DQ7sPrbDJpg4mP
juzxn/Bx1+nHrLjo+JHHCSOPE6cNcdzg0UNx7OC000cNz8VjpnnuOecamncwWHbk5ch+BiuPvHvo9PWmztTMAx169Ns+074ebr7hnQw/effSZ18zfC7OtP3/H/0/Xf8f57XS0CMTNTTyNbLONK8Jk9d69Gc9PA3DczfLyLIVh01mnrP/zR433nGzDsY8yXgnrTVxueHFM83/9E3w+LpzsQs/PO3YGr/itK0e+n9GofHO8yTjXWsCjneeJxvv8R+59PRpu/pfG+9M17q1H/4+/p+51g2e/Fo3C+1gy0sWmfla97onHuJjzuPpczT7TCs90bVu50OW3X14/+Of/Fq39vDYRz/mWjdqMFh0tenXuuEL36TRg/2HXyw7/GLy6MGxwy+We/jFnIPzh1+8/J07bLvF8II1p8/J0sP7HT926GH3C1e8dfGpB06duvrIWMaPfexYR46PcTPezyeMnTaZ07edvt/hVafv95ZnTntv0sh+J/wL+52+LY33rvmmvTd5ZL8TZ9rv6CfZ7/RtH3c+LDH0yIXrCa43k2a63oz8jTP9xz3ma7ZpX/NePBjMeyb5zrTu/3jNpPN3jicZ74SJy602PL6Zzt9HDkc6fy+dfPXwvWLewWCwwGAwds3pY/8XG3qi8c765OOdCOOd9cnGe+Vx263zvzDewQzjfcxxtsn6046VNUeOs8n/wvE7fduZr2OjH3532mV/zX/mOjbucdexPWYZNdNkz9AT/c62Baw/7flCj/6ee+1Jx0yf+9Ez7fd/+p1ths8yBNexMTP9PT9qzRsGQzTnux+/6mVDBz35nI8ePPZvi+lzPn3bJ5vzyf/MnD/nyef8n/09eYkXTnt/9Ezjn3HO19vv2ftOn/PZZtrv/zTnk5/83vH4OR8/GE1zvvT90+btya6nTzTn07edPufDH3GVsbMO1hi+Z43M+aR/Zs4X+t85zueC9ac93/KRReccdeobp8/5zHP8P835pH91zsc9cpwv+vB7Lxg1mG22wc6b7bTTjstM+z795bLTvvO16N5rp83zk91Ln8ho+rZPdl6s/s8YjfmnjIb+J6OFZ30io0dPrSN32PEZ/6/XotX/VaMBX4uuPmbavD3Z70VPNOfTt6X74IIzbD/z36Hrr/Pw793zzHQfnL4J3gfPOWvtvafvcmSzB2ca5vT76gMzLJ9lhuX3z7B89Az7mXH92WZYfu8My4c/wmwzrD+dddzw37wjy6c8uvrY4V+exo0sv2+G5eMf3XbR1WdYPmGG5ZNmWD7x0UNj0ckzLJ88w/prDv7Fpv836W1mvsjXP1v//ddd/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMO350MjjYPeh9W5/zfDjYDAYveKJU9d7qsf7FDd03rWTp4y5et07jtp8/mOXOfWeA/4Lzp7//E9Q/04P+28zNBiMnN9jthkMButOWH/DJQaDwXpTT1xx1OCR9xYafm/VsaMGg/2HHrOD2R9ZZ2j34XU2mbTBxMFgjpE1xj3uhz7uPHrMiouOH3mcMPI4cdr1adzg0eN17OC000cNZn14+aPNPedcQ/MOBsuOvBzZz2DFaQ/zXjF9vakzNfNAhx79ts+0r4ebb/hHDD/ZeevJzx2eq5m2/z/T9Gv1NqP+x1U7/93l7y5/
d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u/jX/jpb/thJ1l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5i3vojrPPHTkGRg0GUwbTng/tPvI4GDr5tBePHCKjd7nq6MOe6vE+xQ2dd+3kKWOuXveOozaf/9hlTr3ngP+Cs+c//xPUv9PD/tsMDQYj5/eYbQaDwboT1t9wicFgcNjRV+0yavDIewsNv7fq2FGDwf5Dj9nB7I+sM7T78DqbTNpg4mAwx8ga4x73Qx93Hj1mxUXHjzxOGHmcOO36NG7w6PE6dnDa6aMGsz68/NHmnnOuoXkHg2VHXo7sZ7DitId5r5i+3tSZmnmgQ49+22fa18PNN/wjhp/sNc+1Jw/P1Uzb/59p+rV6m1H/46qd/+7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/uoTvOPnfkGBg1GEwZTHs+auRxaPebb9ptw+HH4dfzr7n3tU/1eJ/ihs67dvKUMVeve8dRm89/7DKn3nPAf8HZ85//Cerfadh/juPHDQbbb/RUD6Wegjr/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvLX9xDd5x97sjTUY8uHbV7xwU2dN61k6eMuXrdO47afP5jlzn1ngOe6gH9uz2B/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfk
j1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf5ZB/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkP/jmnXk0eD/wvwxy/m/aP6YxX+x/DGL/4vyxyz+i+ePWfyXyB+z+L84f8zi/5L8MYv/S/PHLP4vyx+z+C+ZP2bxf3n+mMV/qfwxi//S+WMW/2Xyxyz+y+aPWfyXyx+z+C+fP2bxf0X+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxfmT9m8V8lf8ziv2r+mMX/VfljFv9X549Z/F+TP2bxH58/ZvGfkD9m8Z+YP2bxXy1/zOK/ev6YxX+N/DGL/6T8MYv/ZJX/LP/0mhb/NVX+/3wW/7Xyxyz+r80fs/i/Ln/M4r92/pjFf538MYv/uvljFv/X549Z/NfLH7P4vyF/zOK/fv6YxX+D/DGL/4b5Yxb/jfLHLP5vzB+z+G+cP2bx3yR/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOL/tvwxi//b88cs/u/IH7P4b5o/ZvHfLH/M4r95/pjF/535Yxb/LfLHLP5b5o9Z/LfKH7P4b50/ZvF/V/6YxX+b/DGL/7vzxyz+78kfs/hvmz9m8d8uf8ziv33+mMV/h/wxi/9788cs/u/LH7P475g/ZvF/f/6YxX+n/DGL/wfyxyz+H8wfs/h/KH/M4r9z/pjFf5f8MYv/rvljFv8P549Z/D+SP2bx/2j+mMV/t/wxi//H8scs/rvnj1n898gfs/jvmT9m8f94/pjF/xP5Yxb/vfLHLP6fzB+z+O+dP2bx/1T+mMX/0/ljFv998scs/vvmj1n898sfs/h/Jn/M4v/Z/DGL/+fyxyz+++ePWfwPyB+z+H8+f8zif2D+mMX/oPwxi/8X8scs/gfnj1n8D8kfs/h/MX/M4v+l/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+b+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOL/rfwxi/+388cs/qfmj1n8T8sfs/ifnj9m8T8jf8zi/538MYv/mfljFv+z8scs/mfnj1n8v5s/ZvH/Xv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4fz9/zOL/g/wxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/+F+WMW/4vyxyz+P80fs/hfnD9m8f9Z/pjF/5L8MYv/pfljFv/L8scs/pfn
j1n8r8gfs/hfmT9m8b8qf8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif3X+mMX/mvwxi/+v88cs/r/JH7P4X5s/ZvH/bf6Yxf+6/DGL//X5Yxb/G/LHLP6/yx+z+N+YP2bxvyl/zOJ/c/6Yxf/3+WMW/z/kj1n8/5g/ZvG/JX/M4v+n/DGL/635Yxb/2/LHLP63549Z/O/IH7P4/zl/zOJ/Z/6Yxf+u/DGL/1/yxyz+d+ePWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/5T8MYv/g/ljFv+H8scs/lPzxyT+sw7yxyz+Q/ljFv9R+WMW/1nyxyz+s+aPWfxH549Z/GfLH7P4z54/ZvGfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n8n5Y/ZvGfL3/M4j8mf8ziP3/+mMV/bP6YxX+B/DGL/4L5Yxb/p+ePWfyfkT9m8X9m/pjFf6H8MYv/s/LHLP4L549Z/J+dP2bxf07+mMV/kfwxi/9z88cs/s/LH7P4j8sfs/g/P3/M4v+C/DGL/wvzxyz+i+aPWfwXyx+z+L8of8ziv3j+mMV/ifwxi/+L88cs/i/JH7P4vzR/zOL/svwxi/+S+WMW/5fnj1n8l8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi//y+WMW/1fkj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMX/lfljFv9V8scs/qvmj1n8X5U/ZvF/df6Yxf81+WMW//H5Yxb/CfljFv+J+WMW/9Xyxyz+q+ePWfzXyB+z+E/KH7P4T84fs/ivmT9m8V8rf8zi/9r8MYv/6/LHLP5r549Z/NfJH7P4r5s/ZvF/ff6YxX+9/DGL/xsGl+cPWfzX7/zHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bx
vzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxHz3IH7P4D+WPWfxH5Y9Z/GfJH7P4z5o/ZvEfnT9m8Z8tf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxf1r+mMV/vvwxi/+Y/DGL//z5Yxb/sfljFv8F8scs/gvmj1n8n54/ZvF/Rv6Yxf+Z+WMW/4Xyxyz+z8ofs/gvnD9m8X92/pjF/zn5Yxb/RfLHLP7PzR+z+D8vf8ziPy5/zOL//Pwxi/8L8scs/i/MH7P4L5o/ZvFfLH/M4v+i/DGL/+L5Yxb/JfLHLP4vzh+z+L8kf8zi/9L8MYv/y/LHLP5L5o9Z/F+eP2bxXyp/zOK/dP6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/F+RP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/V+aPWfxXyR+z+K+aP2bxf1X+mMX/1fljFv/X5I9Z/Mfnj1n8J+SPWfwn5o9Z/FfLH7P4r54/ZvFfI3/M4j8pf8ziPzl/zOK/Zv6YxX+t/DGL/2vzxyz+r8sfs/ivnT9m8V8nf8ziv27+mMX/9fljFv/18scs/m/IH7P4r58/ZvHfIH/M4r9h/pjFf6P8MYv/G/PHLP4b549Z/DfJH7P4vyl/zOL/5vwxi/9b8scs/m/NH7P4vy1/zOL/9vwxi/878scs/pvmj1n8N8sfs/hvnj9m8X9n/pjFf4v8MYv/lvljFv+t8scs/lvnj1n835U/ZvHfJn/M4v/u/DGL/3vyxyz+2+aPWfy3yx+z+G+fP2bx3yF/zOL/3vwxi//78scs/jvmj1n8358/ZvHfKX/M4v+B/DGL/wfzxyz+H8ofs/jvnD9m8d8lf8ziv2v+mMX/w/ljFv+P5I9Z/D+aP2bx3y1/zOL/sfwxi//u+WMW/z3yxyz+e+aPWfw/nj9m8f9E/pjFf6/8MYv/J/PHLP57549Z/D+VP2bx/3T+mMV/n/wxi/+++WMW//3yxyz+n8kfs/h/Nn/M4v+5/DGL//75Yxb/A/LHLP6fzx+z+B+YP2bxPyh/zOL/hfwxi//B+WMW/0Pyxyz+X8wfs/h/KX/M4v/l/DGL/1fyxyz+X80fs/h/LX/M4v/1/DGL/zfyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvH/Zv6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4fyt/zOL/7fwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+H8nf8zif2b+mMX/rPwxi//Z+WMW/+/mj1n8v5c/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/t/PH7P4/yB/zOL/w/wxi/+P8scs/j/OH7P4/yR/zOJ/Yf6Yxf+i/DGL/0/zxyz+F+ePWfx/lj9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+P88f8zi/4v8MYv/L/PHLP6/yh+z+F+dP2bxvyZ/zOL/6/wxi/9v8scs/tfmj1n8f5s/ZvG/Ln/M4n99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/2yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW/6flj1n858sfs/iPyR+z+M+fP2bxH5s/ZvFfIH/M4r9g
/pjF/+n5Yxb/Z+SPWfyfmT9m8V8of8zi/6z8MYv/wvljFv9n549Z/J+TP2bxXyR/zOL/3Pwxi//z8scs/uPyxyz+z88fs/i/IH/M4v/C/DGL/6L5Yxb/xfLHLP4vyh+z+C+eP2bxXyJ/zOL/4vwxi/9L8scs/i/NH7P4vyx/zOK/ZP6Yxf/l+WMW/6Xyxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOK/fP6Yxf8V+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bxf2X+mMV/lfwxi/+q+WMW/1flj1n8X50/ZvF/Tf6YxX98/pjFf0L+mMV/Yv6YxX+1/DGL/+r5Yxb/NfLHLP6T8scs/pPzxyz+a+aPWfzXyh+z+L82f8zi/7r8MYv/2vljFv918scs/uvmj1n8X58/ZvFfL3/M4v+G/DGL//r5Yxb/DfLHLP4b5o9Z/DfKH7P4vzF/zOK/cf6YxX+T/DGL/5vyxyz+b84fs/i/JX/M4v/W/DGL/9vyxyz+b88fs/i/I3/M4r9p/pjFf7P8MYv/5vljFv935o9Z/LfIH7P4b5k/ZvHfKn/M4r91/pjF/135Yxb/bfLHLP7vzh+z+L8nf8ziv23+mMV/u/wxi//2+WMW/x3yxyz+780fs/i/L3/M4r9j/pjF//35Yxb/nfLHLP4fyB+z+H8wf8zi/6H8MYv/zvljFv9d8scs/rvmj1n8P5w/ZvH/SP6Yxf+j+WMW/93yxyz+H8sfs/jvnj9m8d8jf8ziv2f+mMX/4/ljFv9P5I9Z/PfKH7P4fzJ/zOK/d/6Yxf9T+WMW/0/nj1n898kfs/jvmz9m8d8vf8zi/5n8MYv/Z/PHLP6fyx+z+O+fP2bxPyB/zOL/+fwxi/+B+WMW/4Pyxyz+X8gfs/gfnD9m8T8kf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1/LHLP5fzx+z+H8jf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/b+aPWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/7fyxyz+384fs/ifmj9m8T8tf8zif3r+mMX/jPwxi/938scs/mfmj1n8z8ofs/ifnT9m8f9u/pjF/3v5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4v/9/DGL/w/yxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+F+aPWfwvyh+z+P80f8zif3H+mMX/Z/ljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//P88cs/r/IH7P4/zJ/zOL/q/wxi//V+WMW/2vyxyz+v84fs/j/Jn/M4n9t/pjF/7f5Yxb/6/LHLP7X549Z/G/IH7P4/y5/zOJ/Y/6Yxf+m/DGL/835Yxb/3+ePWfz/kD9m8f9j/pjF/5b8MYv/n/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4v/n/DGL/535Yxb/u/LHLP5/yR+z+N+dP2bx/2v+mMX/b/ljFv+/549Z/P+RP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP5T8scs/g/mj1n8H8ofs/hPzR+T+M8+yB+z+A/lj1n8R+WPWfxnyR+z+M+aP2bxH50/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8X9a/pjFf778MYv/mPwxi//8+WMW/7H5Yxb/BfLHLP4L5o9Z/J+eP2bxf0b+mMX/mfljFv+F8scs/s/KH7P4L5w/ZvF/dv6Yxf85+WMW/0Xyxyz+z80fs/g/L3/M4j8uf8zi//z8MYv/C/LHLP4vzB+z+C+aP2bxXyx/zOL/ovwxi//i+WMW/yXyxyz+L84fs/i/JH/M4v/S/DGL/8vyxyz+S+aPWfxfnj9m8V8qf8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxfkT9m8V8h
f8ziv2L+mMV/pfwxi//K+WMW/1fmj1n8V8kfs/ivmj9m8X9V/pjF/9X5Yxb/1+SPWfzH549Z/Cfkj1n8J+aPWfxXyx+z+K+eP2bxXyN/zOI/KX/M4j85f8ziv2b+mMV/rfwxi/9r88cs/q/LH7P4r50/ZvFfJ3/M4r9u/pjF//X5Yxb/9fLHLP5vyB+z+K+fP2bx3yB/zOK/Yf6YxX+j/DGL/xvzxyz+G+ePWfw3yR+z+L8pf8zi/+b8MYv/W/LHLP5vzR+z+L8tf8zi//b8MYv/O/LHLP6b5o9Z/DfLH7P4b54/ZvF/Z/6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/N+VP2bx3yZ/zOL/7vwxi/978scs/tvmj1n8t8sfs/hvnz9m8d8hf8zi/978MYv/+/LHLP475o9Z/N+fP2bx3yl/zOL/gfwxi/8H88cs/h/KH7P475w/ZvHfJX/M4r9r/pjF/8P5Yxb/j+SPWfw/mj9m8d8tf8zi/7H8MYv/7vljFv898scs/nvmj1n8P54/ZvH/RP6YxX+v/DGL/yfzxyz+e+ePWfw/lT9m8f90/pjFf5/8MYv/vvljFv/98scs/p/JH7P4fzZ/zOL/ufwxi//++WMW/wPyxyz+n88fs/gfmD9m8T8of8zi/4X8MYv/wfljFv9D8scs/l/MH7P4fyl/zOL/5fwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/838scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bx/2b+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR+z+H8rf8zi/+38MYv/qfljFv/T8scs/qfnj1n8z8gfs/h/J3/M4n9m/pjF/6z8MYv/2fljFv/v5o9Z/L+XP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP7fzx+z+P8gf8zi/8P8MYv/j/LHLP4/zh+z+P8kf8zif2H+mMX/ovwxi/9P88cs/hfnj1n8f5Y/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/j/PH/M4v+L/DGL/y/zxyz+v8ofs/hfnT9m8b8mf8zi/+v8MYv/b/LHLP7X5o9Z/H+bP2bxvy5/zOJ/ff6Yxf+G/DGL/+/yxyz+N+aPWfxvyh+z+N+cP2bx/33+mMX/D/ljFv8/5o9Z/G/JH7P4/yl/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP5/zh+z+N+ZP2bxvyt/zOL/l/wxi//d+WMW/7/mj1n8/5Y/ZvH/e/6Yxf8f+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOI/JX/M4v9g/pjF/6H8MYv/1Pwxif8cg/wxi/9Q/pjFf1T+mMV/lvwxi/+s+WMW/9H5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv+n5Y9Z/OfLH7P4j8kfs/jPnz9m8R+bP2bxXyB/zOK/YP6Yxf/p+WMW/2fkj1n8n5k/ZvFfKH/M4v+s/DGL/8L5Yxb/Z+ePWfyfkz9m8V8kf8zi/9z8MYv/8/LHLP7j8scs/s/PH7P4vyB/zOL/wvwxi/+i+WMW/8Xyxyz+L8ofs/gvnj9m8V8if8zi/+L8MYv/S/LHLP4vzR+z+L8sf8ziv2T+mMX/5fljFv+l8scs/kvnj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/FfljFv8V8scs/ivmj1n8V8ofs/ivnD9m8X9l/pjFf5X8MYv/qvljFv9X5Y9Z/F+dP2bxf03+mMV/fP6YxX9C/pjFf2L+mMV/tfwxi//q+WMW/zXyxyz+k/LHLP6T88cs/mvmj1n818ofs/i/Nn/M4v+6/DGL/9r5Yxb/dfLHLP7r5o9Z/F+fP2bxXy9/zOL/hvwxi//6+WMW/w3yxyz+G+aPWfw3yh+z+L8xf8ziv3H+mMV/k/wx
i/+b8scs/m/OH7P4vyV/zOL/1vwxi//b8scs/m/PH7P4vyN/zOK/af6YxX+z/DGL/+b5Yxb/d+aPWfy3yB+z+G+ZP2bx3yp/zOK/df6Yxf9d+WMW/23yxyz+784fs/i/J3/M4r9t/pjFf7v8MYv/9vljFv8d8scs/u/NH7P4vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPOcgfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Y
xf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz/2WP/RT/Vw/v2ewP+6/DHL+X99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/1yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf+y/33+OR97K//H99/s/3Fzz5I9Z/OfNH7P4Py1/zOI/X/6YxX9M/pjFf/78MYv/2Pwxi/8C+WMW/wXzxyz+T88fs/g/I3/M4v/M/DGL/0L5Yxb/Z+WPWfwXzh+z+D87f8zi/5z8MYv/IvljFv/n5o9Z/J+XP2bxH5c/ZvF/fv6Yxf8F+WMW/xfmj1n8F80fs/gvlj9m8X9R/pjFf/H8MYv/EvljFv8X549Z/F+SP2bxf2n+mMX/ZfljFv8l88cs/i/PH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/cvljFv/l88cs/q/IH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/K/PHLP6r5I9Z/FfNH7P4vyp/zOL/6vwxi/9r8scs/uPzxyz+E/LHLP4T88cs/qvlj1n8V88fs/ivkT9m8Z+UP2bxn5w/ZvFfM3/M4r9W/pjF/7X5Yxb/1+WPWfzXzh+z+K+TP2bxXzd/zOL/+vwxi/96+WMW/zfkj1n8188fs/hvkD9m8d8wf8ziv1H+mMX/jfljFv+N88cs/pvkj1n835Q/ZvF/c/6Yxf8t+WMW/7fmj1n835Y/ZvF/e/6Yxf8d+WMW/03zxyz+m+WPWfw3zx+z+L8zf8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+78ofs/hvkz9m8X93/pjF/z35Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvF/b/6Yxf99+WMW/x3zxyz+788fs/jvlD9m8f9A/pjF/4P5Yxb/D+WPWfx3zh+z+O+SP2bx3zV/zOL/4fwxi/9H8scs/h/NH7P475Y/ZvH/WP6YxX/3/DGL/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/
lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf+5B/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkD9m8X9h/pjFf9H8MYv/YvljFv8X5Y9Z/BfPH7P4L5E/ZvF/cf6Yxf8l+WMW/5fmj1n8X5Y/ZvFfMn/M4v/y/DGL/1L5Yxb/pfPHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4v+K/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4vzJ/zOK/Sv6YxX/V/DGL/6vyxyz+r84fs/i/Jn/M4j8+f8ziPyF/zOI/MX/M4r9a/pjFf/X8MYv/GvljFv9J+WMW/8n5Yxb/NfPHLP5r5Y9Z/F+bP2bxf13+mMV/7fwxi/86+WMW/3Xzxyz+r88fs/ivlz9m8X9D/pjFf/38MYv/BvljFv8N88cs/hvlj1n835g/ZvHfOH/M4r9J/pjF/035Yxb/N+ePWfzfkj9m8X9r/pjF/235Yxb/t+ePWfzfkT9m8d80f8ziv1n+mMV/8/wxi/8788cs/lvkj1n8t8wfs/hvlT9m8d86f8zi/678MYv/NvljFv93549Z/N+TP2bx3zZ/zOK/Xf6YxX/7/DGL/w75Yxb/9+aPWfzflz9m8d8xf8zi//78MYv/TvljFv8P5I9Z/D+YP2bx/1D+mMV/5/wxi/8u+WMW/13zxyz+H84fs/h/JH/M4v/R/DGL/275Yxb/j+WPWfx3zx+z+O+RP2bx3zN/zOL/8fwxi/8n8scs/nvlj1n8P5k/ZvHfO3/M4v+p/DGL/6fzxyz+++SPWfz3zR+z+O+XP2bx/0z+mMX/s/ljFv/P5Y9Z/PfPH7P4H5A/ZvH/fP6Yxf/A/DGL/0H5Yxb/L+SPWfwPzh+z+B+SP2bx/2L+mMX/S/ljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/N/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/1v5Yxb/b+ePWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf87+WMW/zPzxyz+Z+WPWfzPzh+z+H83
f8zi/738MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8f9+/pjF/wf5Yxb/H+aPWfx/lD9m8f9x/pjF/yf5Yxb/C/PHLP4X5Y9Z/H+aP2bxvzh/zOL/s/wxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/n+WMW/1/kj1n8f5k/ZvH/Vf6Yxf/q/DGL/zX5Yxb/X+ePWfx/kz9m8b82f8zi/9v8MYv/dfljFv/r88cs/jfkj1n8f5c/ZvG/MX/M4n9T/pjF/+b8MYv/7/PHLP5/yB+z+P8xf8zif0v+mMX/T/ljFv9b88cs/rflj1n8b88fs/jfkT9m8f9z/pjF/878MYv/XfljFv+/5I9Z/O/OH7P4/zV/zOL/t/wxi//f88cs/v/IH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8p+WMW/wfzxyz+D+WPWfyn5o9J/OcZ5I9Z/Ifyxyz+o/LHLP6z5I9Z/GfNH7P4j84fs/jPlj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+D8tf8ziP1/+mMV/TP6YxX/+/DGL/9j8MYv/AvljFv8F88cs/k/PH7P4PyN/zOL/zPwxi/9C+WMW/2flj1n8F84fs/g/O3/M4v+c/DGL/yL5Yxb/5+aPWfyflz9m8R+XP2bxf37+mMX/BfljFv8X5o9Z/BfNH7P4L5Y/ZvF/Uf6YxX/x/DGL/xL5Yxb/F+ePWfxfkj9m8X9p/pjF/2X5Yxb/JfPHLP4vzx+z+C+VP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP6vyB+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yvzxyz+q+SPWfxXzR+z+L8qf8zi/+r8MYv/a/LHLP7j88cs/hPyxyz+E/PHLP6r5Y9Z/FfPH7P4r5E/ZvGflD9m8Z+cP2bxXzN/zOK/Vv6Yxf+1+WMW/9flj1n8184fs/ivkz9m8V83f8zi//r8MYv/evljFv835I9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjF/435Yxb/jfPHLP6b5I9Z/N+UP2bxf3P+mMX/LfljFv+35o9Z/N+WP2bxf3v+mMX/HfljFv9N88cs/pvlj1n8N88fs/i/M3/M4r9F/pjFf8v8MYv/VvljFv+t88cs/u/KH7P4b5M/ZvF/d/6Yxf89+WMW/23zxyz+2+WPWfy3zx+z+O+QP/aI/1Yn/1f7vzd/zHL+vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/
bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPO8gfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Yxf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz9m8b8uf8zif33+mMX/hvwxi//v8scs/jfmj1n8b8ofs/jfnD9m8f99/pjF/w/5Yxb/P+aPWfxvyR+z+P8pf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+f84fs/jfmT9m8b8rf8zi/5f8MYv/3fljFv+/5o9Z/P+WP2bx/3v+mMX/H/ljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8ziPyV/zOL/YP6Yxf+h
/DGL/9T8MYn/0wb5Yxb/ofwxi/+o/DGL/yz5Yxb/WfPHLP6j88cs/rPlj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+T8sfs/jPlz9m8R+TP2bxnz9/zOI/Nn/M4r9A/pjFf8H8MYv/0/PHLP7PyB+z+D8zf8ziv1D+mMX/WfljFv+F88cs/s/OH7P4Pyd/zOK/SP6Yxf+5+WMW/+flj1n8x+WPWfyfnz9m8X9B/pjF/4X5Yxb/RfPHLP6L5Y9Z/F+UP2bxXzx/zOK/RP6Yxf/F+WMW/5fkj1n8X5o/ZvF/Wf6YxX/J/DGL/8vzxyz+S+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/yvyxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOL/yvwxi/8q+WMW/1Xzxyz+r8ofs/i/On/M4v+a/DGL//j8MYv/hPwxi//E/DGL/2r5Yxb/1UX+c/wL61r81xD5/ytZ/Cflj1n8J+ePWfzXzB+z+K+VP2bxf23+mMX/dfljFv+188cs/uvkj1n8180fs/i/Pn/M4r9e/pjF/w35Yxb/9fPHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bxvzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxn2+QP2bxH8ofs/iPyh+z+M+SP2bxnzX/xzTLyKPFf3T+mMV/tvwxi//s+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6Yxf9p+WMW//nyxyz+Y/LHLP7z549Z/Mfmj1n8F8gfs/gvmD9m8X96/pjF/xn5Yxb/Z+aPWfwXyh+z+D8rf8ziv3D+mMX/2fljFv/n5I9Z/BfJH7P4Pzd/
zOL/vPwxi/+4/DGL//Pzxyz+L8gfs/i/MH/M4r9o/pjFf7H8MYv/i/LHLP6L549Z/JfIH7P4vzh/zOL/kvwxi/9L88cs/i/LH7P4L5k/ZvF/ef6YxX+p/DGL/9L5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvF/Rf6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/F+ZP2bxXyV/zOK/av6Yxf9V+WMW/1fnj1n8X5M/ZvEfnz9m8Z+QP2bxn5g/ZvFfLX/M4r96/pjFf438MYv/pPwxi//k/DGL/5r5Yxb/tfLHLP6vzR+z+L8uf8ziv3b+mMV/nfwxi/+6+WMW/9fnj1n818sfs/i/IX/M4r9+/pjFf4P8MYv/hvljFv+N8scs/m/MH7P4b5w/ZvHfJH/M4v+m/DGL/5vzxyz+b8kfs/i/NX/M4v+2/DGL/9vzxyz+78gfs/hvmj9m8d8sf8ziv3n+mMX/nfljFv8t8scs/lvmj1n8t8ofs/hvnT9m8X9X/pjFf5v8MYv/u/PHLP7vyR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/3vzxyz+78sfs/jvmD9m8X9//pjFf6f8MYv/B/LHLP4fzB+z+H8of8ziv3P+mMV/l/wxi/+u+WMW/w/nj1n8P5I/ZvH/aP6YxX+3/DGL/8fyxyz+u+ePWfz3yB+z+O+ZP2bx///Yo6cEUAgACIDZeNm2bdu2bdv1kW3btm3btm3zAnuCduYKc6D/qOX/IP9Ry//B/qOW/0P8Ry3/h/qPWv4P8x+1/B/uP2r5P8J/1PJ/pP+o5f8o/1HL/9H+o5b/Y/xHLf/H+o9a/o/zH7X8H+8/avk/wX/U8n+i/6jl/yT/Ucv/yf6jlv9T/Ect/6f6j1r+T/Mftfyf7j9q+T/Df9Tyf6b/qOX/LP9Ry//Z/qOW/3P8Ry3/5/qPWv7P8x+1/J/vP2r5v8B/1PJ/of+o5f8i/1HL/8X+o5b/S/xHLf+X+o9a/i/zH7X8X+4/avm/wn/U8n+l/6jl/yr/Ucv/1f6jlv9r/Ect/9f6j1r+r/Mftfxf7z9q+b/Bf9Tyf6P/qOX/Jv9Ry//N/qOW/1v8Ry3/t/qPWv5v8x+1/N/uP2r5v8N/1PJ/p/+o5f8u/1HL/93+o5b/e/xHLf/3+o9a/u/zH7X83+8/avl/wH/U8v+g/6jl/yH/Ucv/w/6jlv9H/Ect/4/6j1r+H/Mftfw/7j9q+X/Cf9Ty/6T/qOX/Kf9Ry//T/qOW/2f8Ry3/z/qPWv6f8x+1/D/vP2r5f8F/1PL/ov+o5f8l/1HL/8v+o5b/V/xHLf+v+o9a/l/zH7X8v+4/avl/w3/U8v+m/6jl/y3/Ucv/2/6jlv93/Ect/+/6j1r+3/Mftfy/7z9q+f/Af9Ty/6H/qOX/I/9Ry//H/qOW/0/8Ry3/n/qPWv4/8x+1/H/uP2r5/8J/1PL/pf+o5f8r/1HL/9f+o5b/b/xHLf/f+o9a/r/zH7X8f+8/avn/wX/U8v+j/6jl/yf/Ucv/z/6jlv9f/Ect/7/6j1r+f/Mftfz/7j9q+f/Df9Ty/6f/qOX/L/9Ry//f/qOW/3/8Ry3///qPSv4HDOQ/avkf2H/U8j+I/6jlf1D/Ucv/YP6jlv/B/Uct/0P4j1r+h/QftfwP5T9q+R/af9TyP4z/qOV/WP9Ry/9w/qOW/+H9Ry3/I/iPWv5H9B+1/A/wH7X8j+Q/avkf2X/U8j+K/6jlf1T/Ucv/aP6jlv/R/Uct/2P4j1r+x/QftfyP5T9q+R/bf9TyP47/qOV/XP9Ry/94/qOW//H9Ry3/E/iPWv4n9B+1/E/kP2r5n9h/1PI/if+o5X9S/1HL/2T+o5b/yf1HLf9T+I9a/qf0H7X8T+U/avmf2n/U8j+N/6jlf1r/Ucv/dP6jlv/p/Uct/zP4j1r+Z/QftfzP5D9q+Z/Zf9TyP4v/qOV/Vv9Ry/9s/qOW/9n9Ry3/c/iPWv7n9B+1/M/lP2r5n9t/1PI/
j/+o5X9e/1HL/3z+o5b/+f1HLf8L+I9a/hf0H7X8L+Q/avlf2H/U8r+I/6jlf1H/Ucv/Yv6jlv/F/Uct/0v4j1r+l/Qftfwv5T9q+V/af9Tyv4z/qOV/Wf9Ry/9y/qOW/+X9Ry3/K/iPWv5X9B+1/K/kP2r5X9l/1PK/iv+o5X9V/1HL/2r+o5b/1f1HLf9r+I9a/tf0H7X8r+U/avlf23/U8r+O/6jlf13/Ucv/ev6jlv/1/Uct/xv4j1r+N/Qftfxv5D9q+d/Yf9Tyv4n/qOV/U/9Ry/9m/qOW/839Ry3/W/iPWv639B+1/G/lP2r539p/1PK/jf+o5X9b/1HL/3b+o5b/7f1HLf87+I9a/nf0H7X87+Q/avnf2X/U8r+L/6jlf1f/Ucv/bv6jlv/d/Uct/3v4j1r+9/Qftfzv5T9q+d/bf9Tyv4//qOV/X/9Ry/9+/qOW//39Ry3/B/iP/nf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf+zbbWydZeHH8bvbOsb+/JMRF1yGJptcKCTCbPeQ8YKwydhWB914HgMc3dqNjXabXYddAffwYhIhPEgyyRIlypahhJnQSAwEK4ho0EVNNPgAiEIUjRMh6Ja4WHPa09Ieu8Zz1etalM/nRc+577Pfva3Jd/e9wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA/ns1NC48Mr5m2KnxQw8+eLil73XO0ZU3H/htz4UDr+WPl41wyXFDD3p7e3vnPDd7R/nwlKIoSj/bzvLxpMpx6fo767/Q2X8UFvS8tOT4lJ83Hjmw5vRH6rqP3l/bd7a2uGndhtaWj40rinBxbdFZOqirKYqwuLa4r3RQXzpYUls8UjqY3XdwavHt0sH5aze3NpdOLI3+nsH/iobGncX4YcUWw/40GNr/zvpv3TnwOsolB642oSj3f0XX99+q+GzACfofuH5YWNl/1b9B4ISq6/+FBQOvo1zyX+7/k59a9cpIn524/4Hrh4/rH9IZ4fl/WKOVz/0Vz/8zRrjk4P6qmq7jpf4vve3ZmeVTE/6d5/93rx8urux/3LDn/9Jz/KKB5/9TiiJcMsZvB7ynNDTuOjLa/X/0/idMr9jUDO3/jPbN+0v9P77ke0+UT9VW2f+iUe7/45ZW/FqB6jQ0frm34v5fRf/FR0a45GD/bz/x64dL/T/2+wfOHPJZNf1fUtn/rI62LbO2bu86b0Nb0/qW9S2b6mbPnzOvvm7eBXNn9T0S9H8d43cF3hvGdv8vJldsaoqiZXB/TfeBp0v9z33wwTnlU5Oq7H/xqPf/Ge7/MKIPjSsmTiw6mzo62uv6vw4c1vd/7f9hI/Rfxd//zzqn/MNqy681RTFtcH/XmXevKPX/zqFnd5dPTayy/yWj9r9g8OcFIozx/t9csRnW/8FDL/U9/y+79+AZ5VPV/v1/6aj9v+r+D2PR0FjxP/z8h5X631VcFtlpaPDf/yCdHP0/9s4NPXHr8An9Qzo5+v/d546eG7cOy/QP6eTof8LGB56PW4dL9Q/p5Oh/+dT5K+LW4TL9Qzo5+l/76rl/jluHRv1DOjn6P+dLuzvj1mG5/iGdHP0/1D5nW9w6rNA/pJOj/5+e9tBrcetwuf4hnRz9Hzt2z41x63CF/iGdHP137zn7B3HrcKX+IZ0c/V++bmGIW4er9A/p5Oh/+rQ/Ph63DlfrH9LJ0f+8P/39tLh1uEb/kE6O/u/4/Ip9cetwrf4hnRz9j7/+lRfj1mGl/iGdHP0vPXvbwrh1uE7/kE6O/pt/0twbtw6r9A/p5Oh/1td/tCFuHa7XP6STo//Dyx/dE7cON+gf0snR/566YkrcOtyof0gnR/9f++7ph+LW4ZP6h3Ry9P+bp56cH7cOq/UP6eTo/7kP3P6NuHW4Sf+QTo7+713z4llx69Ckf0gnR/8P733+i3HrsEb/kE6O/t94o+3/4tZhrf4hnRz9T5506utx69Csf0gnR/8Lb/1Ke9w6tOgf0snRf9vu7h/GrcM6/UM6Ofr/8PFpq+LWYb3+IZ0c/a+cu/f9cetws/4hnRz9v2/Zhbvi1mGD/iGdHP1f1PPRi+LWYaP+IZ0c/Xc889mvxq3DLfqHdHL0v3fma4vj1qFV/5BOjv5fXr30x3Hr0KZ/SCdH/289et2muHXYpH9IJ0f/T/7s7WNx67BZ/5BOjv7//4JFf41bhy36h3Ry9L94yZtr49bhU/qHdHL0v7H7Hy/HrUO7/iGdHP3PPHz1srh12Kp/SCdH/985r25/3Dp06B/SydH/nVfuq49bh236h3Ry9L//4F13x63DrfqHdHL0/+YvZkyPW4dP6x/SydH//VMOXRu3Dp36h3Ry9P/LTbXPxK3Ddv1DOjn6/9u+qTvi1qFL/5BOjv6ffr3nD3HrcJv+IZ0c/a+e8KuJcetwu/4hnRz9T+3acl/cOtyhf0gnR//z72k6P24dPqN/SCdH/1v/8sI349Zhh/4hna3bu25pam1taffGG2+8GXxzsv9kAlJ7N/qT/SsBAAAAAAAAAAAAAABOJMc/JzrZv0cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+yQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRC9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAAAA//+O1eBI") quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000002c0)={0x83, 0x0, 0xfffffffffffffffc, 0x0, 0x200000004, 0x4000000, 0x401, 0x2, 0x4040c425}) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 5.913581492s ago: executing program 2 (id=11570): bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x7ff}, 0x50) r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='fdinfo/3\x00') read$FUSE(r0, &(0x7f0000002080)={0x2020}, 0x54) 5.49432568s ago: executing program 2 (id=11572): r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000200)='.\x00', 0x10000a0) 
creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x182) 5.433564617s ago: executing program 3 (id=11574): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc7f, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000280)='kfree\x00', r0}, 0x18) syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000cb768405e0483020b99010203010902240001000000000904"], 0x0) 5.219133803s ago: executing program 2 (id=11576): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'hsr0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="680000001000030500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00000000008000004800128008000100687372003c000280060005000180000008000100", @ANYRES32=r1, @ANYBLOB="0500060001000000050007000000000005000300df00000008000200", @ANYRES32=r1], 0x68}}, 0x0) 4.790670977s ago: executing program 2 (id=11578): r0 = syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f00000008c0), 0x0, 0x51ab, 
&(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP3
4LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz
//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TF
K/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd") ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000440)={0x2, 0x4, {0xffffffffffffffff, 
@struct={0x84, 0x3}, 0x0, 0x20000005, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, @struct={0x1d, 0xce82}, 0x4000, 0x5, [0x0, 0x8, 0x9c, 0xfffffffffffffff9]}, {0xfffffffffffffffe, @struct={0x7, 0xa0000000}, 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x8, 0x58a, @struct={0x2, 0xf136}, 0x3, 0xe, [0x4, 0x1, 0x2, 0xfffffffffffffffc, 0x0, 0x1]}, {0x6, @usage=0xfffffffffffffffa, 0x0, 0x7, 0x807fc, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0x440, @struct={0x0, 0x6}, 0xffffffff, 0x4, [0x80000000, 0x800004, 0x0, 0x3ff, 0x80]}}) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000000)={{r0}, {@void, @actul_num={@val=0x2d, 0x6, 0x47}}}) 4.03043386s ago: executing program 6 (id=11582): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000001fc0)={0x45, 0x6, 0x0, {0x0, 0x0, 0x1c, 0x0, '/sys/kernel/debug/sync/info\x00'}}, 0x45) 3.850701585s ago: executing program 9 (id=11583): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000000500000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x18) setgid(0x0) 3.657611896s ago: executing program 3 (id=11584): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) setresuid(0x0, 0xee00, 0x0) mincore(&(0x7f0000185000/0x3000)=nil, 0x3000, 0x0) 3.586288418s ago: executing program 6 (id=11585): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0) sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x20, r1, 0x1, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 
'wpan1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008800}, 0x0) 3.479876689s ago: executing program 9 (id=11586): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000480)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @multicast2}}}, 0x108) 3.268781046s ago: executing program 8 (id=11587): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x58, 0x5) 3.190137479s ago: executing program 6 (id=11588): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000a9b8f1f2"], 0x0}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) 3.189861219s ago: executing program 3 (id=11589): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100007856bb40da0b53813de20102030109021200010000000009040000000206"], 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000280)={0x60, 0x0, 0x4, "83d838f2"}, 0x0, 0x0}) 3.155954731s ago: executing program 9 (id=11591): fsopen(&(0x7f0000000080)='adfs\x00', 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f01f}) 2.865387827s ago: executing program 6 (id=11592): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000001018610f4205ae06d6c010203010902240001010000000904690202ff5aa30009050402100000fa000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) 2.701932255s ago: executing program 9 (id=11593): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000180)='./file1\x00', 0x28108c0, 
&(0x7f0000006980)=ANY=[@ANYBLOB="646973636172642c696f636861727365743d63703837342c6572726f72733d72656d6f756e742d726f2c75737271756f74612c696f636861727365743d63703836312c696f636861727365743d6370313235302c696e7465677269747900696f636861727365743d69736f383835392d342c646973636172643d30783030303030303030303030303030396943b95b49aca56faf1cc22189cc312c696f636861727365743d6d6163677265656b2c71756f74612c726573697a653d3078303030303030303030303030376666662c646973636172643d3078303030303030303066666666666666662c756d61736b3d3078303030303030303030303032303034352c6673636f6e746578743d836e636f6e66696e65645f752c66736d616769633d3078303030303030303030303230303030392c324216873b95edfe8ceab2bb0b11835a5cf531ac6273c29a4d4f9d056f1bcb8cd0a969ed12cf99802b3e3201518ecfc59a4fd94dd5349dc55633bd2bde1128ad071807ef13a9f10c0fbf3ad861c2009067c5c6c84cdba2806fa74eddff8373799d0b8c1e6f7e2b205235161b610ae5c66d1d9cfc2bc0cb617ae49331ade71595c2a5438139933aada47236dafdffffff088a552445f95768ccecb0c35797e832beced2077fa197623cd3de51d69d7a4f77a80eb5f783f091e5ec6047a0f67676819f4bf66744c1cb0975b96baf730000000000000001004e257bbabf33e3fa8d0cca2fbb4dabe1c5634bdf889b764ce26ae4e539fdffa2ea82c34b16308e26ce945d101d5f2e2577d8e2a21d9401194a97a6c281b603da7c66934f0c341df8ff02d91cd4f2d80ea7dde697"], 0xfe, 0x61f6, 
&(0x7f000000cdc0)="$eJzs3c1vHGcdB/DfvvolNLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz4A3rgyo0TJyLZSKCeGDTe54lnN7tdp7Z31p7PR3JmfvPMep/Jd189L08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPH97/1grRURN36eFqxEfCY6Ee2IpbJejYil1ZW8fjcinou95ng2InoLEeXt9/55OuLViPjobMTO7uZ6ufjyAfvx3T/+/Xc/PPPW3/7Qu/jfP93rvDZpvfv3f/WfPz843DYDAABA0xRFUbTS1/xz6ft9u+5OAQAzkd//iyQvP/X1r//51l/mqT/qRtcRl/YWzkt/1Gr16a2rivEeVIuI2KrepvzMYHc8AJwwW/Fx3V2gRvJvtG5EnKm7E8Bca9XdAY7Fzu7meivl26q+H6wO2vOxIEP5b7Uend8xaTrN6DEms3p8bUcnnpnQn6UZ9WGe5Pzbo/nfGLT303rHnf+sTMq/Pzj1qXFy/p3R/Eccaf4LdebfHpt/U+X8u0+Uf+cEP//lDwAAAADA6Zf//r9S8/7fhcNvyoF80v7f1Rn1AQAAAAAAAACO2mHH/3vE+H8AAAAwt8rv6qXfnN1fNulabOXy662Ip0bWBxomnSyzXHc/AAAAAAAAAAAAAKBJuoNjeK+3InoR8dTyclEU5U/VaP2kDnv7k67p2w9NVveLPAAADHx0duRc/lbEYkRcT9f66y0vLxfF4tJysVwsLeTPs/2FxWKp8r02T8tlC/0DfCDu9ovyly1Wblc17fvytPbR31feV7/oHKBjR6SX/jcnNNcUNgAkg3ejHe9Ip0xRPD3pwwcM8fw/hVZipe7HFfOv7ocpAAAAcPyKoiha6XLe59I+/3bdnQIAZiK//4/uFzhU3Z7QHnE0v1+tVqvVavWnqquK8R5Ui4jYqt6m/MxgOH4AOGG24uO6u0CN5N9o3Yh4ru5OAHOtVXcHOBY7u5vrrZRvq/p+kMZ3z8eCDOW/1dq7Xb79uOk0o8eYzOrxtR2deGZCf56dUR/mSc6/PZr/jUF7P6133PnPyqT8+3unzDVPzr8zmv+I05N/e2z+TZXz7z5R/h35AwAAAADAHMt//1+x/zdvMgAAAAAAAACcODu7m+v5vNe8//9zY9Zz/ufplPNvPWn+S2le/idazr89kv+XR9brVOYfvrn//P/37ub67+/967N5etD8F/JMKz2yWukR0Ur31Oqm6WG27nHbvU6/vKdeq93ppmN+it47cStux0ZcGlq3nf4/9tvXhtrLnvaG2i8PtXcfa78y1N5L1x0olnL7hViPn8TteHuvvWxbmLL9i1PaiyntOf+O1/9Gyvl3Kz9l/supvTUyLT38sP3Y8746HXc/b9z6/C8vHf/mTDHpyseD7Ts/6+5EDF5xzvTjZ3c37ly4f/PevTtrkSZDSy9HmhyxnH9v72dh//X/hUF7ft2vPl8ffth/4vznxXZ0Hz22q8r8X6jMl9v70oz7Voecfz/95PzfTu3jn/8nOf/OxPxfrqE/AAAAAAAAAAAAAAAA8EmKotg7RfSNiLiazv+p69xMAGC28vt/keTlarVarVarT19dVYz3erWIiL9Wb1N+ZvjFuF8GAMyz/0XEP+ruBLWRf4Pl6/2V0xfr7gwwU3ff/+BHN2/f3rhzt+6eAAAAAAAAAACfVh7/c7Uy/vOLEbEyst7Q+K9vxuphx//s5plHA4we8UDfE2y3+512Zbjx52NvfO4Lk8b/Ph+Pj/+dx8TtVLdjgt6U9v6U9oUp7Ytjl+6nNfZEj4qc//OV8c7L/M+NDL/ehPFfR8e8b4Kc//nK47nM/0sj61XzL347d/lvHXTF7WgP5X/x3ns/vXj3/Q9eufXezXc33t348ZW1tUtXrl69du3axXdu3d64NPj3eHo9B3L+eexrx4E2S84/Zy7/Zsn5fyHV8m+W
nP8XUy3/Zsn558978m+WnH/+7iP/Zsn5v5Rq+TdLzv8rqZZ/s+zsbi6U+b+cavk3S37+fzXV8m+WnP8rqZZ/s+T8L6Ra/s2S87+Y6gPk7/Lwp0jOP+/h8vxvlpz/Wqrl3yw5/8upln+z5PyvpFr+zZLzfzXV8m+WnP/XUi3/Zsn5X021/Jsl5//1VMu/WXL+11It/2bJ+X8j1fJvlpz/N1Mt/2bJ+b+Wavk3S87/W6mWf7Pk/L+davk3S87/O6mWf7Pk/F9PtfybZf/6/2bMmDGTZ+p+ZQIAAAAAAAAAAAAARs3icOK6txEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+zw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsHdvMXLd9R3Az+zF3nUIMRCCkxrYJCaEZMmu7cQX2jQmXBugFEgo9ILtetdmwTe8dgkUyaaBEgmjooqq6UNbQKiNVFVYFQ+0ojQPVS9PpX2gLxVVJaRGVUABFamtKFvNnP//vzOzszOz3vF69vw/Hyn57c6cmXPmzJnZ/e76uwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJrd/ob5z9SKoqj/1/jf9qJ4Qf3jyantjcted723EAAAAFiv/2v8//mb0gWH+rhR0zJ/94p//NrS0tJS8b7R3x3/wtJSumKqKMa3FkXjuujKv7+/1rxM8EQxURtp+nykx+pHe1w/1uP68R7Xb+lx/dYe10/0uH7FDlhhsvx5TOPOdjU+3F7u0uLmYrxx3a4Ot3qitnVkJP4sp6HWuM3S+PFioThZzBezLcuXy9Yay3/j9vq63lrEdY00rWtn/Qj5wSeOxW2ohX28q2Vdy/cZfe/1xdQPf/CJY398/rlbO82eu6Hl/srtvPuO+nZ+KlxSbmut2Jr2SdzOkabt3NnhORlt2c5a43b1j9u38/k+t3N0eTM3VPtzPlGMND7+VmM/jTX/WC/tp53hsv++syiKS8ub3b7MinUVI8W2lktGlp+fifKIrN9H/VB6cTG2puP09j6O0/qc29V6nLa/JuLzf3u43dgq29D8NH3vk1tWPO9rPU6j+qNe7bXSfgwO+rUyLMdgPC6+1XjQT3Y8BneFx/+Ju1Y/BjseOx2OwfS4m47BO3odgyNbRhvbnJ6EWuM2y8fg7pblRxtrqjXms3d1PwZnzp86O7P4sY+/duHU0RPzJ+ZP7929e3bvvn0HDhyYOb5wcn62/P9V7u3ht60YSa+BO8K+i6+BV7ct23yoLn1pcK/DiS6vw+1tyw76dTjW/uBqG/OCXHlMl6+NR+s7feLySLHKa6zx/Nyz/tdhetxNr8Oxptdhx68pHV6HY328DuvLnL2nv+9Zxpr+67QN1+prwfamY7D9+5H2Y3DQ348MyzE4EY6Lf71n9a8FO8P2Pjm91u9HRlccg+nhhvee+iXp+/2JA43R6bi8rX7FDVuKC4vz5+57/Oj58+d2F2FsiJc0HSvtx+u2psdUrDheR9Z8vB5aeMWTt3W4fHvYVxOvrf9vYtXnqr7M/fd1f64aX90678+WS/cUYQzYRu/PTl/N6/szZcku+7O+zKdm1v+9eMqlTe+/46u8/8bc/5NyfemunhgdHytfv6Np74y3vB+3PlVjjfeuWmPdz8/09348Hv7b6Pfjm7u8H+9oW3bQ78fj7Q8uvh/Xev20Y33an8+JcJycnO3+flxfZseetR6TY13fj+8Msxb2/2tCUki5qOnYWe24TesaGxsPj2ssrqH1ON3bsvx4yGb1dT295+qO07vvLO9rND26ZRt1nE61LTvo4zS9X612nNZ6/fTt6rQ/nxPhuLh5b/fjtL7MM/ev/71zMn7Y9N65pdcxOD66pb7N4+kgLN/vlybjMXhfcaw4U5ws5hrXbmkcT7XGuqYf6O8Y3BL+2+j3yh1djsG725Yd9DGYvo6tduzVxpbfSAao/fmcCMfFUw90Pwbry7xx
/2C/d707XJKWafretf3na6v9zOu2seX7K67xz7zq2/k3+7v/bLa+zMkDa82Z3ffTveGSGzrsp/bX72qvqbliY/bTjrCdzx1YfT/Vt6e+zBcO9nk8HSqK4uJHHm78vDf8fuXPL3z7ay2/d+n0O52LH3n4+zce/9u1bD8Am99PyrGt/FrX9Jupfn7/DwAAAGwKMfePhJnI/wAAAFAZMffHfxWeyP8AAABQGTH3j4WZZJL/d7zxuYWfXCxSM38piNen3fBIuVzsuM6Gz6eWltUvf/gr8z/6y4v9rXukKIofP/IbHZff8UjcrtJU2M4rb2q9fOUNL/a1/iOPLS/X3F//Yrj/+Hj6PQw6VXBni6L4xk2fa6xn6v2XG/OZR4405rsvPflEfZnnD5afx9s/+5Jy+T8I5d9Dx4+23P7ZsB++G+bs2zrvj3i7r15+zc79711eX7xd7Y4XNh72Ux8o7zf+nZzPP1EuH/fzatv/V599+qv15R9/VeftvzjSefufDvf7lTD/5+Xl8s3PQf3zeLtPh+2P64u3u+/L3+y4/Vc+Uy5/9s3lckfCjOu/O3y+683PLTTvr8drR1seV/GWcrm4/tlv/3bj+nh/8f7bt3/i8OWW/dF+fDzzz+X9zLQtHy+P64n+om399ftpPj7j+p/+rSMt+7nX+q+8+9mX1++3ff33ti032nb79r/Y9Ief/lzH9cXtOfRnZ1sez6F3hddxWP9THwjHY7j+f698rmW90ZF3tb7/xOW/uP1iy+OJ3vrDcv1XHjrRmP8x9aPfv+EFN77w0ivr+64ovvWe8v56rf/EH51p2f4v3XJP4/mI18eOfvv6VxPXf+6j06fPLF5YmGvaq42/nfP2cnu2Tkxuq2/vTeG9tf3zw2fOf3D+3NTs1GxRTFX3T+hdtS+H+f1yXFrr7e95LDyft/3eN7bd9U+fjZf/y6Pl5ZffVn7denVY7vPh8u3l87dUW+f6n7r9lsbru/ZM+XlLj30Adu76zwN9LRgef/v3BfF4P/vSDzb2Q/26xteN+Lpe5/Z/Z668n6+H/boU/jLzHbcsr695+fi3ES6/p3y9r3v/hbe5+Lz+SXi+3/Hd8v7jdsXH+53wfcw3d7S+38Xj4+sXR9rvv/FXPC6F95PiUnl9XCru78vP39Jx8+LfISku3dr4/HfS/dy6poe5msWPLc6cXDh94fGZ8/OL52cWP/bxw6fOXDh9/nDjb3ke/lCv2y+/P21rvD/Nze+7v5idLIriTDG7AW9Y12b76x/1t/1nHzs2t3/2rrn540cvHD//2Nn5cyeOLS4em59bvOvo8ePzH+11+4W5B3fvObh3/57pEwtzDx44eHDvwemF02fqm1FuVA/7Zj88ffrc4cZNFh+8/+DuBx64f3b61Jm5+Qf3z85OX+h1+8bXpun6rX99+tz8yaPnF07NTy8ufHz+wd0H9+3b0/OvAZ46e3xxaubchdMzFxbnz82Uj2XqfOPi+te+Xrenmhb/rfx+tl2t/EN8xTvv3Zf+PmvdVz656l2Vi7T9AdHnwt+i+YcXnT3Qz+cx94+HmWSS/wEAACAHMfdvCTOR/wEAAKAyYu7fGmYi/wMAAEBlxNw/EWaSSf7X/9f/76//X16v/59X///sR8pe6Wbv/8f+vP5/Hq5z/3/d69f/1/+vXv+///78Zt9+/X/9f1Yatv5/zP2TRZFl/gcAAIAcxNy/LcxE/gcAAIDKiLn/hjAT+R8AAAAqI+b+F4SZZJL/9f/76v/v6VW4qn7/3/n/9f+Lzdn/j0+O/n821ty/f++jLZ/q/wf6//r/+v/6//r/rNv4qtdcr/5/zP03hplkkv8BAAAgBzH3vzDMRP4HAACAyoi5/6YwE/kfAAAAKiPm/u1hJpnkf/1/5//X/9f/r3T/f73n/2/aGP3/zcH5/7vT/+/hqvv/E/r/m7H/Pz7Y7R/u/n/Pzdf/55oYtvP/x9z/ojCTTPI/AAAA5CDm/heHmcj/AAAAUBkx978k
zET+BwAAgMqIuf/mMJNM8r/+v/6//r/+v/5/5/X3Pv9/+ZH+/3DR/+9O/78H5//Pq/8/4O0f7v7/oM//P/6m9tvr/9PJsPX/Y+5/aZhJJvkfAAAAchBz/y1hJvI/AAAAVEbM/S8LM5H/AQAAoDJi7t8RZpJJ/tf/1//X/9f/1//vvP7e/f+S/v9w0f/vTv+/B/1//X/9//76/x2++dX/p5Nh6//H3H9rmEkm+R8AAAByEHP/bWEm8j8AAABURsz9PxVmIv8DAABAZcTcvzPMJJP8r/+v/6//n1f//94t+v/6/9Wm/9+d/n8P+v/6//r/fZ7/f6W19P+39rozKmPY+v8x9788zCST/A8AAAA5iLn/FWEm8j8AAABURsz9rwwzkf8BAACgMmLunwozyST/6/9Xq///p3/91CsL/X/9/x7rH0T/vxYuHaL+fzwMhr7//5D+/zWl/9+d/n8P+v/6//r/G9L/Jx/D1v+Puf/2MJNM8j8AAADkIOb+O8JM5H8AAACojJj77wwzkf8BAACgMmLu3xVmkkn+1/+vVv8/0v/X/++2/o06//9YeD7Tcen8/87/vwH0/ztoepHq//eg/6//n33/P373q//PYAxb/z/m/leFmWSS/wEAACAHMfffVbT9Elf+BwAAgMpo5P5ionh1mIn8DwAAAJURc//dYSaZ5H/9/6vv/483faz/37r9+v+tcu3/b/D5/xP9/7zp/3e31v7/Fv1//X/9/8z6/+s7//9k+Fj/n2jY+v8x978mzCST/A8AAAA5iLn/njAT+R8AAAAqI/77zfLfvcr/AAAAUEUx90+HmWSS//X/nf8/p/5/Tf9/QP3/+Ij1/wv9/6Gj/9+d8//3oP+v/6//v67+v/P/027Y+v8x9782zCST/A8AAAA5iLn/vjAT+R8AAAAqI+b+mTAT+R8AAAAqI+b+2TCTTPK//r/+f079f+f/d/5//f/q0//vTv+/B/1//f+q9f+LQv+f62rY+v8x9+8OM8kk/wMAAEAOYu7fE2Yi/wMAAEBlxNy/N8xE/gcAAIDKiLn//jCTTPK//r/+v/6//r/+f+f16/9vTvr/3en/96D/r/9ftf6/8/9znQ1b/z/m/gfCTDLJ/wAAAJCDmPv3hZnI/wAAAFAZMffvDzMJ+b/Tv+sGAAAANpeY+w+EmWTy+3/9/4r0/3/z71vWrf+v/99t/YPp/0/q/4ep/z9cKtr/b39ZXDX9/x70//X/9f/1/xmoYev/x9x/MMwkk/wPAAAAOYi5/3VhJvI/AAAAVEbM/T8dZiL/AwAAQGXE3P8zYSaZ5P/B9v8n9f+bZHX+/8nW7df/73x8VKv/7/z/+v/DqaL9/4GpVP9/RP9f/3+4tl//X/+fla59/z9+1F//P+b+B8NMMsn/AAAAkIOY+382zET+BwAAgMqIuf+hMBP5HwAAACoj5v5DYSaZ5H/n/9f/d/5//f9r0/9/qGg3jP3/+sGj/18t+v/dVar/7/z/+v9Dtv36//r/rDRs5/+Puf/1YSaZ5H8AAADIQcz9D4eZyP8AAABQGTH3vyHMRP4HAACAyoi5/41hJpnkf/1//X/9f/1/5//vvH79/81J/787/f8e9P/1//X/9f8ZqGHr/8fc/6Ywk0zyPwAAAOQg5v43h5nI/wAAAFAZMfe/JcxE/gcAAIDKiLn/rWEmmeR//X/9f/1//X/9/87r1//fnPT/u9P/70H/X/9f/1//n4Eatv5/zP0/F2aSSf4HAACAHMTc/0iYifwPAAAAlRFz/9vCTOR/AAAAqIyY+98eZpJJ/tf/38T9/zH9f/1//X/9/97rzY3+f3f6/z3o/+v/6//r/zNQw9b/j7n/HWEmmeR/AAAAyEHM/T8fZiL/AwAAQGXE3P/OMBP5HwAAACoj5v5fCDPJJP/r/2/i/n8lz/+/dLH5dhXr/9cX0/+/Xv3/+o30/7Og/9+d/n8PHfr/W/X/8+r/L4V3ef1//X8GYtj6/zH3vyvMJJP8
DwAAADmIuf/dYSbyPwAAAFRGzP3vCTOR/wEAAKAyYu5/NMwkk/yv/59l/z895OHr/692/v/JxnWbvP/v/P/O/6//vwGq2/9f8111pP/fg/P/6/87/7/+PwM1bP3/mPsfCzPJJP8DAABADmLuf2+YifwPAAAAlRFz/y+Gmcj/AAAAUBkx978vzCST/K//n2X/f4jP/79a/3+znv9/rCgml9eTU/9/oun5TMel/r/+/waobv9/MPT/e9D/1/8f5v5/OJonV7m9/j/DaNj6/zH3vz/MJJP8DwAAADmIuf+XwkzkfwAAAKiMmPt/OcxE/gcAAIDKiLn/V8JMMsn/+v/6//r/zv/v/P+d16//vznp/3en/9+D/r/+/zD3/3vQ/2cYDVv/P+b+Xw0zWTX4ff+/+niYAAAAwBCJuf8DYSaZ/P4fAAAAchBz/+EwE/kfAAAAKiPm/iNhJpnkf/3/9v5/PKOq/r/+v/6//r/+/2Y0uP7/y24sCv3/yvT/J/rcAP1//X/9f/1/BmrY+v8x9x8NM8kk/wMAAEAOYu7/tTAT+R8AAAAqI+b+Y2Em8j8AAABURsz9c2EmmeT/69j/Hx/O/r/z/19t///H+v/6/4H+f2f6/xvD+f+7y7b/3y/9f/1//X/9fwZq2Pr/MffPh5lkkv8BAACgwtKPg2PuPx5mIv8DAABAZcTcfyLMRP4HAACAyoi5/4NhJpnkf+f/1/93/v/r0f8fa1le/7+k/6//Pwj6/93p//eg/6//r/+v/89ADVv/P+b+hTCTTPI/AAAA5CDm/g+Fmcj/AAAAUBkx9384zET+BwAAgMqIuf9kmEkm+V//X/8/9/5/rSguOf+//n+n9ev/b076/93p//eg/6//r/+v/89ADVv/P+b+U//P3n002XVWexw+9pUVbtWty0fwmBFDGJmPwJQZVYzJJgdZ5Awm52CyyTmDyTnnbHKOJhqqRLm11pK6z+m9JfXuPnu/7/NM1m2V+p7TVlvwp+tXO27pZP8DAABAD3L33zNusf8BAACgGbn77xW32P8AAADQjNz9945bOtn/+n/9f+/9/2orz//f/fv1/+fo//X/U1jr749t/n37ReH79v93uOO1d9P/6//1/4P0//p//T97za3/z91/n7ilk/0PAAAAPcjdf9+4xf4HAACAZuTuv1/cYv8DAABAM3L3Xxu3dLL/9f/6f/2//n9X/3+T/l//v2ye/z9M/z9C/6//1//r/5nU3Pr/3P33j1s62f8AAADQg9z9D4hb7H8AAABoRu7+B8Yt9j8AAAA0I3f/g+KWTva//l//r/9fSv9/3PP/93w9+n/9/yb6/2H6/xH6f/2//l//z6Tm1v/n7n9w3NLJ/gcAAIAe5O5/SNxi/wMAAEAzcvc/NG6x/wEAAKAZufsfFrd0sv/1//p//f9S+v8jev6//l//v3A3rM7/naD/X6f/HzHS/69W+v8hF93Pb/7ylvP+96H/1/+zbm79f+7+h8ctd16tjl/uFwkAAADMSu7+R8Qtnfz8HwAAAHqQu/903GL/AwAAQDNy918Xt3Sy//X/+n/9v/5f/7/59fX/y+T5/8MO3v/f/nb3uHu//X8zz/8/u+m/uWy/nz+obb//6fv/274z9P8s29z6/9z9Z+KWTvY/AAAA9CB3/yPjFvsfAAAAmpG7/1Fxi/0PAAAAzcjd/+i4pZP9r/9vrf//n12fd0H/v1O76P/1//p//X/r9P/DPP9/xM5fc6fqw2b7/31su59f+vv3/H/9P+vm1v/n7n9M3NLJ/gcAAIAe5O5/bNxi/wMAAEAzcvc/Lm6x/wEAAKAZufsfH7d0sv/1/631/7s/z/P/9f+bXl//r/9vmf5/mP5/RCvP/7/M75pt9/MHte33r//X/7Nubv1/7v4nxC2d7H8AAADoQe7+J8Yt9j8AAAA0I3f/k+IW+x8AAACakbv/yXFLJ/tf/6//X0b/n6+g/9f/H37/n/T/y/O/+v9R+v8RrfT/l2nb
/fzS37/+X//Purn1/7n7nxK3dLL/AQAAoAe5+58at9j/AAAA0Izc/U+LW+x/AAAAaEbu/qfHLZ3sf/2//n8Z/b/n/+v/Pf9f/39x9P/D9P8j9P/6f/2//p9Jza3/z91/fdzSyf4HAACAHuTuf0bcYv8DAABAM3L3PzNusf8BAACgGbn7nxW3dLL/9f/6f/2//l//v/n19f/LpP8fpv8fof/X/+v/9f9Makb9/wWfdXL17Lilk/0PAAAAPcjd/5y4xf4HAACAZuTuf27cYv8DAABAM3L3Py9u6WT/6/9n0//v5Hxt9f+nVquV/n/Vaf9/6oI/z/q+1P/r/4+A/n+Y/n+E/l//r//X/zOpGfX/Ox/n7n9+3NLJ/gcAAIAe5O5/Qdxi/wMAAEAzcve/MG6x/wEAAKAZuftfFLd0sv/1/7Pp/3e01f97/v/e74+e+n/P/1+n/z8a+v9h+v8R+n/9v/5f/8+k5tb/5+5/cdx0/KrL/hIBAACAmcnd/5K4pZOf/wMAAEAPcve/NG6x/wEAAGChrl/7ldz9L4tbOtn/+v9p+//jF/ya/l//v/f7Q/+v/9f/Hz79/zD9/wj9v/5f/6//Z1Jz6/9z9788bulk/wMAAEAPcvffELfY/wAAANCM3P2viFvsfwAAAGhG7v5Xxi2d7H/9v+f/6//1//r/za+v/18m/f8w/f8I/b/+f7v9/4nz/6f+nzZcQv9/9uzZ04fe/+fuf1Xc0sn+BwAAgCbt+Vlp7v5Xxy32PwAAADQjd/9r4hb7HwAAAJqRu/+1cUsn+1//32n/n9/qy+r/r1ut9P/6f/2//n+Y/n+Y/n+E/l//7/n/+n8mNbfn/+fuf13c0sn+BwAAgB7k7r8xbrH/AQAAoBm5+18ft9j/AAAA0Izc/W+IWzrZ//r/Tvt/z//X/+v/j7r/v3Wl/z8Si+j/T+3/+nPv/8/o//X/A7rr/+9yp10f6v/1/6ybW/+fu/+NcUsn+x8AAAB6kLv/TXGL/Q8AAADNyN3/5rjF/gcAAIBm5O5/S9x0rJP9r//X/+v/9f/6/82vf8TP/z++Wq30/xNYRP8/YO79/zTP/9/7b/l5+n/9/5Lfv/5f/8+6ufX/ufvfGrd0sv8BAACgB7n73xa32P8AAADQjNz9b49b7H8AAABoRu7+d8Qtnex//b/+X/+v/59V/3/FIfT/ZxbR/3v+/0T0/8Pm0f/vT/+v/1/y+9f/6/+5eNvq/3P3vzNu6WT/AwAAQA9y978rbrH/AQAAoBm5+98dt9j/AAAA0Izc/e+JWzrZ//p//f+l9P/5Pnvr/0/F72u1/z8xp/5/5++Zk7v+/3Xy/H/9/0T0/8P0/yP0//p//f/1+n+mNLfn/+fuf2/c0sn+BwAAgB7k7n9f3Pqfbu1/AAAAaEbu/vfHLfY/AAAANCN3/wfilk72v/5f/+/5/57/P6vn/58+hOf/6/+7ov8fpv8fof/X/+v/Pf+fSc2t/8/d/8G4pZP9DwAAAD3I3f+huMX+BwAAgGbk7v9w3GL/AwAAQDNy998Ut3Sy//X/+n/9v/5f/3/uz1D/3wb9/7Cj6f9P6f/1/9XPXxH/Fuj/9f9jn0+b5tb/5+7/SNzSyf4HAACAHuTu/2jcYv8DAABAM3L3fyxusf8BAABgkY5t+LXc/R+PWzrZ//p//b/+f8L+/8qV/n+h/f+m19f/L9NW+v/8ptD/e/5/6Kf/v3rXR9t+/v+xS3z/e//zaxv9/wXrQ/9Pk+bW/+fu/0Tc0sn+BwAAgB7k7v9k3GL/AwAAQDNy938qbrH/AQAAoBm5+z8dt/Sw//9P/7/S/x+k/z+j//f8f/2//n9uPP9/mP5/hP5/q8/PX/r79/x//T/r5tb/5+7/TNzSw/4HAACATuTu/2zcYv8DAABAM3L3fy5usf8BAACgGTu7P+OyDve//l//7/n/+n/9/+bX1/8vk/5/mP5/hP5f/6//1/8zqbn1/5/f+ayTqy/ELZ3sfwAAAOhB
7v4vxi32PwAAADQjd/+X4hb7HwAAAJqRu//LcUsn+1//r/9fRv9/9uzZ0/p//f/ur+d8/3+z/p+i/x+m/x+h/9f/6//1/0xqbv1/7v6vxC2d7H8AAADoQe7+r8Yt9j8AAAA0I3f/1+IW+x8AAACakbv/63FLJ/tf/z+D/v+k/t/z//X/K8//1/9PRP8/TP8/osX+/+TFf/nb7ucPatvvX/+v/2fd3Pr/3P3fiFs62f8AAADQg9z934xb7H8AAABoRu7+b8Ut9j8AAAA0I3f/t+OWTva//v/o+v/b/tn18vz/U6vN71//r//X/+v/D5v+f5j+f0SL/f8l2HY/v/T3r//X/7Nubv1/7v7vxC27h99Vl/ZVAgAAAHOSu/+7cUsnP/8HAACAHuTu/17cYv8DAABAM3L3fz9u6WT/6/9n8Pz/Bvt/z//f/P2h/591/3+l/r8N+v9h+v8R+n/9v/5/ov4/v5v1/72bW/+fu/8HcUsn+x8AAAB6kLv/h3GL/Q8AAADNyN3/o7jF/gcAAIBm5O6/OW65YP9vartbof/X/+v/9f/6/82vr/9fJv3/sIvt/0+sDtb/J/2//l//32v/7/n/nDO3/j93/4/jFj//BwAAgMW5ap9fz93/k7jF/gcAAIBm5O7/adxi/wMAAEAzcvf/LG655cptvaUjpf/X/+v/9f/6/82vr/9fJv3/MM//H6H/n6Kfv0b/30b/v1rp/zm4ufX/uft/Hrf4+T8AAAA0I3f/L+IW+x8AAACakbv/l3GL/Q8AAADNyN3/q7ilk/2v/9f/H7D/30kz9f/n6P/P0f9vpv8/Gvr/Yfr/Efp/z//X/3v+P5OaW/+fu//XcUsn+x8AAAB6kLv/N3GL/Q8AAADNyN3/27jF/gcAAIBm5O7/XdzSyf6ftP+/MSrsi+n/4x+1/n/x/b/n/+v/9f/6/1nR/w/T/4/Q/+v/9f/6fyY1t/4/d//v45ZO9j8AAAD0IHf/H+IW+x8AAACakbv/j3GL/Q8AAADNyN3/p7ilk/3v+f/6f/2//l//v/n19f/LpP8fpv/frP6g9P/6f/2//p9Jza3/z93/57ilk/0PAAAAPcjd/5e4xf4HAACAZuTuvyVusf8BAACgGbn7/xq3dLL/9f/6f/2//l//v/n19f/LNKv+/5j+/8LPvev/j7+s5/9vvf/Pt6D/1//r/5nE3Pr/3P1/i1s62f8AAADQg9z9f49b7H8AAABoRu7+f8Qt9j8AAAA0I3f/P+OWTvb/SP9/on6j/n+Q/n/3+9f/b/7+0P/r//X/h29W/b/n/y/m+f9F/+/5//p//T+Tmlv/n7v/X3FLJ/sfAAAAepC7/9a4xf4HAACAZuTu/3fcYv8DAABAM3L3/ydu6WT/e/7/kvr/a/T/+n/9v/5f/z9C/z9M/z9C/6//v4T3f/Wej/X/+n/Wza3/z93/3wAAAP//tmNCRw==") setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000380), 0x24, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) 1.772715613s ago: executing program 0 (id=11594): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r1, 0x1}, 0x14}}, 0x48000) 
1.69905711s ago: executing program 8 (id=11595): r0 = socket(0x11, 0xa, 0x0) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7) sendmsg$can_bcm(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8}, 0x0) 1.685997684s ago: executing program 2 (id=11596): mount$nfs(&(0x7f00000000c0)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x00\x00\x01\x00\x00\x00\x00\x00h#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4I\xc5\xcb\x15A\xb5\xbbG\x9e\xea\xc4\x03\xf2\xf5\xf4\xa1\x9c\xe0Q<=\xb1\x9b,vjn\x8b[0\xd9\xcb\xf8\x1a\xdf\x9e\x89\x91H\xf4\x11p\xd2\x96\x82\xd9)6\xcdm\x88\x91\x1dv\xff\xb3\xad\x8b\x82\xcdR\x98\x80k1\xce}\x90\xe8e\xdb\xb1HL\x1d%\xc4\x1atCt\xb4\x00\xb29E\x87-\xd1\xcd\xf3w\"\v\xf3`\x06x\xb4TQ\x8dB\a\xe4\xe2\xf8\xd6%C\xf9\xd6~\xf80\xfcE\xa0\x80\x0e\"\xb0\a\x88\xbc\x7fbn\x02\xeb\x9b\x04\x1d\t', 0x0, 0x0, 0x123b058, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) syz_usb_connect(0x3, 0x8c6, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201500236e47e2082055c2955d4010203010902b408048006a00309047f0e01ff2dde700a2401010080020102082405"], &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0}) 1.512275658s ago: executing program 0 (id=11597): futex(&(0x7f00000040c0), 0x6, 0x4, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) futex(&(0x7f00000040c0), 0x7, 0x3, 0x0, 0x0, 0x0) 1.450281404s ago: executing program 8 (id=11598): socket$kcm(0x10, 0x2, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x11, 0x0, 0x0) 1.29946891s ago: executing program 9 (id=11599): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x141040, 0x0) lseek(r0, 0x5, 0x4) read$msr(r0, 0x0, 0x0) 1.271627922s ago: executing program 8 (id=11600): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x79, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 
0x10, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x20}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000180)={0x40, 0x22, 0x7, {0x7, 0xd, "be811a4954"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.194259036s ago: executing program 0 (id=11601): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000007c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d38001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008330001800a00010072616e67650000000400028008000340000001", @ANYRES16=r0], 0xc4}}, 0x20050800) 949.097661ms ago: executing program 9 (id=11602): syz_mount_image$xfs(&(0x7f0000009600), &(0x7f0000009640)='./file0\x00', 0x200800, &(0x7f00000000c0)={[{@bsdgroups}, {@uqnoenforce}, {@swalloc}, {@filestreams}, {@grpquota}, {@allocsize={'allocsize', 0x3d, [0x30, 0x39, 0x6d]}}, {@gquota}], [{@flag='nomand'}]}, 0x4, 0x9606, 
&(0x7f0000012cc0)="$eJzs2gm8pnPhuP/nDGOXMVRSaiqiRdYsUc0MZigkS7QjS8pSUqESSgoVEe3Zt2xlCWVrJdlbKCFUskRabMP8X8ecYYyLb/36/l++dV3X63XO8zz3c9/3+Tyf972cw2wyaYOJg8Ecg2mNG8zceddOnjLm6nXvOGrz+Y9d5tR7DnjsiouOH3mcMPI4cTAYjBp5e2jasrGD004fNZj14eWPNveccw3NOxgsO/JyZD+DFac9zHvF9PWmztTMAx169Ns+074ebr7hHzH85PAD9jpiMBiMmWH7ocFgaPfHfVBpm0yYPOlRq0fchq1Gjzyf8Wu2aV/zXjwYzHvmgI+PGdcdego+0vDP3P0l545e9yn42f9xbTJh8loz+Q+fi7OMLFtx+Byf+Rw0NvNxfttim648MoUPH2+DwfAl7jHnyn9Em0yYtPbgia/zg6NWuXCfqdOum7MPpt0o5hwMBnONXF/neapd6t9rwsTlHr5nT389wj79WN6djosT3n7yQ8M36cFgsMBgMHbN6feCqqqq+s9owsTlVoP7/xxPdv8/5ZSFz+z+X1VV9Z/bWhMmLjd8r5/p/j/Pk93/d1z4oj2n/bf/8StO2+qhp/ZDVFVV1b/UpLXw/j/mye7/K6522drd/6uqqv5zW3+dh+//88x0/1/wye7/bzl5lUVG1pv+e8ODM+xyaIb/n/DADMtnmWH5/TMsHz3DfmZcf7YZlt87w/LZh9+D9ccNBmOn/3vBKY8uHjtu+L2R5ffNsHz8o/9OZ9HVZ1g+YYblk2ZYPnFkrMPLJ8+wfPIM66/5JFNdVVX1f6b1l5u02mCGf2c/snih6e/T/f+Cs65b8qkab1VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVf1n9tAdZ587GAyGBoPBqMFgymDk+YyPg6lTp04dfn3K+Zdf/pQN9P9GQ+ddO3nKmKvXveOozec/dplT7zng0Vn6j+0//xPUv9Ow/xzHjxsMtt/oqR5KPQV1/rvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMPJ89+mPZ+3/5reOrLryxqfedfCjWy46fpuRZ+ddO3nKNk/B2J+ChoY/65ir173jqM3nP3aZU+854L/g7PnP/wT17/Sw/zZDg8HI+T1m+Fxed8L6Gy4xGAwOvuvUjVcYPPLeSsPvrTJ2lsEsD2+6xMPf11iUd7z7mtMexw9/W/CRfZzy8P7XmnrYLEMzDWKGXnXejUe9a5N7lp/5cfEn/hyjpj854voz7p46derUxywcaY4n2Hj6/qd/lpnP85GxLzE89qV22u69S71/l12X3Ga7zbbecustt19muZWWX2HZZVZY+RVLbbXNtlsuPe37E8zZuIe/r/bPzNk8M8/ZHRNmnLOZP9sTzdm4J5+zh/c4ZdehDafP2az/4pyt9uRzNm6bkR+06PjRg00fnpqhwWDR1UcPdh5+sczsg8Gia4ysu9DwuquOHTUY7P/oBx1+Nvsjx+DQ7sPrbDJpg4mP
juzxn/Bx1+nHrLjo+JHHCSOPE6cNcdzg0UNx7OC000cNz8VjpnnuOecamncwWHbk5ch+BiuPvHvo9PWmztTMAx169Ns+074ebr7hnQw/effSZ18zfC7OtP3/H/0/Xf8f57XS0CMTNTTyNbLONK8Jk9d69Gc9PA3DczfLyLIVh01mnrP/zR433nGzDsY8yXgnrTVxueHFM83/9E3w+LpzsQs/PO3YGr/itK0e+n9GofHO8yTjXWsCjneeJxvv8R+59PRpu/pfG+9M17q1H/4+/p+51g2e/Fo3C+1gy0sWmfla97onHuJjzuPpczT7TCs90bVu50OW3X14/+Of/Fq39vDYRz/mWjdqMFh0tenXuuEL36TRg/2HXyw7/GLy6MGxwy+We/jFnIPzh1+8/J07bLvF8II1p8/J0sP7HT926GH3C1e8dfGpB06duvrIWMaPfexYR46PcTPezyeMnTaZ07edvt/hVafv95ZnTntv0sh+J/wL+52+LY33rvmmvTd5ZL8TZ9rv6CfZ7/RtH3c+LDH0yIXrCa43k2a63oz8jTP9xz3ma7ZpX/NePBjMeyb5zrTu/3jNpPN3jicZ74SJy602PL6Zzt9HDkc6fy+dfPXwvWLewWCwwGAwds3pY/8XG3qi8c765OOdCOOd9cnGe+Vx263zvzDewQzjfcxxtsn6046VNUeOs8n/wvE7fduZr2OjH3532mV/zX/mOjbucdexPWYZNdNkz9AT/c62Baw/7flCj/6ee+1Jx0yf+9Ez7fd/+p1ths8yBNexMTP9PT9qzRsGQzTnux+/6mVDBz35nI8ePPZvi+lzPn3bJ5vzyf/MnD/nyef8n/09eYkXTnt/9Ezjn3HO19vv2ftOn/PZZtrv/zTnk5/83vH4OR8/GE1zvvT90+btya6nTzTn07edPufDH3GVsbMO1hi+Z43M+aR/Zs4X+t85zueC9ac93/KRReccdeobp8/5zHP8P835pH91zsc9cpwv+vB7Lxg1mG22wc6b7bTTjstM+z795bLTvvO16N5rp83zk91Ln8ho+rZPdl6s/s8YjfmnjIb+J6OFZ30io0dPrSN32PEZ/6/XotX/VaMBX4uuPmbavD3Z70VPNOfTt6X74IIzbD/z36Hrr/Pw793zzHQfnL4J3gfPOWvtvafvcmSzB2ca5vT76gMzLJ9lhuX3z7B89Az7mXH92WZYfu8My4c/wmwzrD+dddzw37wjy6c8uvrY4V+exo0sv2+G5eMf3XbR1WdYPmGG5ZNmWD7x0UNj0ckzLJ88w/prDv7Fpv836W1mvsjXP1v//ddd/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+4h+44+9yRY2DUYDBlMO350MjjYPeh9W5/zfDjYDAYveKJU9d7qsf7FDd03rWTp4y5et07jtp8/mOXOfWeA/4Lzp7//E9Q/04P+28zNBiMnN9jthkMButOWH/DJQaDwXpTT1xx1OCR9xYafm/VsaMGg/2HHrOD2R9ZZ2j34XU2mbTBxMFgjpE1xj3uhz7uPHrMiouOH3mcMPI4cdr1adzg0eN17OC000cNZn14+aPNPedcQ/MOBsuOvBzZz2DFaQ/zXjF9vakzNfNAhx79ts+0r4ebb/hHDD/ZeevJzx2eq5m2/z/T9Gv1NqP+x1U7/93l7y5/
d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u/jX/jpb/thJ1l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5i3vojrPPHTkGRg0GUwbTng/tPvI4GDr5tBePHCKjd7nq6MOe6vE+xQ2dd+3kKWOuXveOozaf/9hlTr3ngP+Cs+c//xPUv9PD/tsMDQYj5/eYbQaDwboT1t9wicFgcNjRV+0yavDIewsNv7fq2FGDwf5Dj9nB7I+sM7T78DqbTNpg4mAwx8ga4x73Qx93Hj1mxUXHjzxOGHmcOO36NG7w6PE6dnDa6aMGsz68/NHmnnOuoXkHg2VHXo7sZ7DitId5r5i+3tSZmnmgQ49+22fa18PNN/wjhp/sNc+1Jw/P1Uzb/59p+rV6m1H/46qd/+7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5S/uoTvOPnfkGBg1GEwZTHs+auRxaPebb9ptw+HH4dfzr7n3tU/1eJ/ihs67dvKUMVeve8dRm89/7DKn3nPAf8HZ85//Cerfadh/juPHDQbbb/RUD6Wegjr/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvLX9xDd5x97sjTUY8uHbV7xwU2dN61k6eMuXrdO47afP5jlzn1ngOe6gH9uz2B/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfk
j1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf5ZB/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkP/jmnXk0eD/wvwxy/m/aP6YxX+x/DGL/4vyxyz+i+ePWfyXyB+z+L84f8zi/5L8MYv/S/PHLP4vyx+z+C+ZP2bxf3n+mMV/qfwxi//S+WMW/2Xyxyz+y+aPWfyXyx+z+C+fP2bxf0X+mMV/hfwxi/+K+WMW/5Xyxyz+K+ePWfxfmT9m8V8lf8ziv2r+mMX/VfljFv9X549Z/F+TP2bxH58/ZvGfkD9m8Z+YP2bxXy1/zOK/ev6YxX+N/DGL/6T8MYv/ZJX/LP/0mhb/NVX+/3wW/7Xyxyz+r80fs/i/Ln/M4r92/pjFf538MYv/uvljFv/X549Z/NfLH7P4vyF/zOK/fv6YxX+D/DGL/4b5Yxb/jfLHLP5vzB+z+G+cP2bx3yR/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOL/tvwxi//b88cs/u/IH7P4b5o/ZvHfLH/M4r95/pjF/535Yxb/LfLHLP5b5o9Z/LfKH7P4b50/ZvF/V/6YxX+b/DGL/7vzxyz+78kfs/hvmz9m8d8uf8ziv33+mMV/h/wxi/9788cs/u/LH7P475g/ZvF/f/6YxX+n/DGL/wfyxyz+H8wfs/h/KH/M4r9z/pjFf5f8MYv/rvljFv8P549Z/D+SP2bx/2j+mMV/t/wxi//H8scs/rvnj1n898gfs/jvmT9m8f94/pjF/xP5Yxb/vfLHLP6fzB+z+O+dP2bx/1T+mMX/0/ljFv998scs/vvmj1n898sfs/h/Jn/M4v/Z/DGL/+fyxyz+++ePWfwPyB+z+H8+f8zif2D+mMX/oPwxi/8X8scs/gfnj1n8D8kfs/h/MX/M4v+l/DGL/5fzxyz+X8kfs/h/NX/M4v+1/DGL/9fzxyz+38gfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+b+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOL/rfwxi/+388cs/qfmj1n8T8sfs/ifnj9m8T8jf8zi/538MYv/mfljFv+z8scs/mfnj1n8v5s/ZvH/Xv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4fz9/zOL/g/wxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/+F+WMW/4vyxyz+P80fs/hfnD9m8f9Z/pjF/5L8MYv/pfljFv/L8scs/pfn
j1n8r8gfs/hfmT9m8b8qf8zi//P8MYv/L/LHLP6/zB+z+P8qf8zif3X+mMX/mvwxi/+v88cs/r/JH7P4X5s/ZvH/bf6Yxf+6/DGL//X5Yxb/G/LHLP6/yx+z+N+YP2bxvyl/zOJ/c/6Yxf/3+WMW/z/kj1n8/5g/ZvG/JX/M4v+n/DGL/635Yxb/2/LHLP63549Z/O/IH7P4/zl/zOJ/Z/6Yxf+u/DGL/1/yxyz+d+ePWfz/mj9m8f9b/pjF/+/5Yxb/f+SPWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/5T8MYv/g/ljFv+H8scs/lPzxyT+sw7yxyz+Q/ljFv9R+WMW/1nyxyz+s+aPWfxH549Z/GfLH7P4z54/ZvGfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n8n5Y/ZvGfL3/M4j8mf8ziP3/+mMV/bP6YxX+B/DGL/4L5Yxb/p+ePWfyfkT9m8X9m/pjFf6H8MYv/s/LHLP4L549Z/J+dP2bxf07+mMV/kfwxi/9z88cs/s/LH7P4j8sfs/g/P3/M4v+C/DGL/wvzxyz+i+aPWfwXyx+z+L8of8ziv3j+mMV/ifwxi/+L88cs/i/JH7P4vzR/zOL/svwxi/+S+WMW/5fnj1n8l8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi//y+WMW/1fkj1n8V8gfs/ivmD9m8V8pf8ziv3L+mMX/lfljFv9V8scs/qvmj1n8X5U/ZvF/df6Yxf81+WMW//H5Yxb/CfljFv+J+WMW/9Xyxyz+q+ePWfzXyB+z+E/KH7P4T84fs/ivmT9m8V8rf8zi/9r8MYv/6/LHLP5r549Z/NfJH7P4r5s/ZvF/ff6YxX+9/DGL/xsGl+cPWfzX7/zHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bx
vzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxHz3IH7P4D+WPWfxH5Y9Z/GfJH7P4z5o/ZvEfnT9m8Z8tf8ziP3v+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxf1r+mMV/vvwxi/+Y/DGL//z5Yxb/sfljFv8F8scs/gvmj1n8n54/ZvF/Rv6Yxf+Z+WMW/4Xyxyz+z8ofs/gvnD9m8X92/pjF/zn5Yxb/RfLHLP7PzR+z+D8vf8ziPy5/zOL//Pwxi/8L8scs/i/MH7P4L5o/ZvFfLH/M4v+i/DGL/+L5Yxb/JfLHLP4vzh+z+L8kf8zi/9L8MYv/y/LHLP5L5o9Z/F+eP2bxXyp/zOK/dP6YxX+Z/DGL/7L5Yxb/5fLHLP7L549Z/F+RP2bxXyF/zOK/Yv6YxX+l/DGL/8r5Yxb/V+aPWfxXyR+z+K+aP2bxf1X+mMX/1fljFv/X5I9Z/Mfnj1n8J+SPWfwn5o9Z/FfLH7P4r54/ZvFfI3/M4j8pf8ziPzl/zOK/Zv6YxX+t/DGL/2vzxyz+r8sfs/ivnT9m8V8nf8ziv27+mMX/9fljFv/18scs/m/IH7P4r58/ZvHfIH/M4r9h/pjFf6P8MYv/G/PHLP4b549Z/DfJH7P4vyl/zOL/5vwxi/9b8scs/m/NH7P4vy1/zOL/9vwxi/878scs/pvmj1n8N8sfs/hvnj9m8X9n/pjFf4v8MYv/lvljFv+t8scs/lvnj1n835U/ZvHfJn/M4v/u/DGL/3vyxyz+2+aPWfy3yx+z+G+fP2bx3yF/zOL/3vwxi//78scs/jvmj1n8358/ZvHfKX/M4v+B/DGL/wfzxyz+H8ofs/jvnD9m8d8lf8ziv2v+mMX/w/ljFv+P5I9Z/D+aP2bx3y1/zOL/sfwxi//u+WMW/z3yxyz+e+aPWfw/nj9m8f9E/pjFf6/8MYv/J/PHLP57549Z/D+VP2bx/3T+mMV/n/wxi/+++WMW//3yxyz+n8kfs/h/Nn/M4v+5/DGL//75Yxb/A/LHLP6fzx+z+B+YP2bxPyh/zOL/hfwxi//B+WMW/0Pyxyz+X8wfs/h/KX/M4v/l/DGL/1fyxyz+X80fs/h/LX/M4v/1/DGL/zfyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvH/Zv6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4fyt/zOL/7fwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+H8nf8zif2b+mMX/rPwxi//Z+WMW/+/mj1n8v5c/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/t/PH7P4/yB/zOL/w/wxi/+P8scs/j/OH7P4/yR/zOJ/Yf6Yxf+i/DGL/0/zxyz+F+ePWfx/lj9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+V+aPWfyvyh+z+P88f8zi/4v8MYv/L/PHLP6/yh+z+F+dP2bxvyZ/zOL/6/wxi/9v8scs/tfmj1n8f5s/ZvG/Ln/M4n99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/2yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf8ziP3f+mMV/nvwxi/+8+WMW/6flj1n858sfs/iPyR+z+M+fP2bxH5s/ZvFfIH/M4r9g
/pjF/+n5Yxb/Z+SPWfyfmT9m8V8of8zi/6z8MYv/wvljFv9n549Z/J+TP2bxXyR/zOL/3Pwxi//z8scs/uPyxyz+z88fs/i/IH/M4v/C/DGL/6L5Yxb/xfLHLP4vyh+z+C+eP2bxXyJ/zOL/4vwxi/9L8scs/i/NH7P4vyx/zOK/ZP6Yxf/l+WMW/6Xyxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOK/fP6Yxf8V+WMW/xXyxyz+K+aPWfxXyh+z+K+cP2bxf2X+mMV/lfwxi/+q+WMW/1flj1n8X50/ZvF/Tf6YxX98/pjFf0L+mMV/Yv6YxX+1/DGL/+r5Yxb/NfLHLP6T8scs/pPzxyz+a+aPWfzXyh+z+L82f8zi/7r8MYv/2vljFv918scs/uvmj1n8X58/ZvFfL3/M4v+G/DGL//r5Yxb/DfLHLP4b5o9Z/DfKH7P4vzF/zOK/cf6YxX+T/DGL/5vyxyz+b84fs/i/JX/M4v/W/DGL/9vyxyz+b88fs/i/I3/M4r9p/pjFf7P8MYv/5vljFv935o9Z/LfIH7P4b5k/ZvHfKn/M4r91/pjF/135Yxb/bfLHLP7vzh+z+L8nf8ziv23+mMV/u/wxi//2+WMW/x3yxyz+780fs/i/L3/M4r9j/pjF//35Yxb/nfLHLP4fyB+z+H8wf8zi/6H8MYv/zvljFv9d8scs/rvmj1n8P5w/ZvH/SP6Yxf+j+WMW/93yxyz+H8sfs/jvnj9m8d8jf8ziv2f+mMX/4/ljFv9P5I9Z/PfKH7P4fzJ/zOK/d/6Yxf9T+WMW/0/nj1n898kfs/jvmz9m8d8vf8zi/5n8MYv/Z/PHLP6fyx+z+O+fP2bxPyB/zOL/+fwxi/+B+WMW/4Pyxyz+X8gfs/gfnD9m8T8kf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1/LHLP5fzx+z+H8jf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/b+aPWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/7fyxyz+384fs/ifmj9m8T8tf8zif3r+mMX/jPwxi/938scs/mfmj1n8z8ofs/ifnT9m8f9u/pjF/3v5Yxb/c/LHLP7n5o9Z/M/LH7P4n58/ZvG/IH/M4v/9/DGL/w/yxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+F+aPWfwvyh+z+P80f8zif3H+mMX/Z/ljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//P88cs/r/IH7P4/zJ/zOL/q/wxi//V+WMW/2vyxyz+v84fs/j/Jn/M4n9t/pjF/7f5Yxb/6/LHLP7X549Z/G/IH7P4/y5/zOJ/Y/6Yxf+m/DGL/835Yxb/3+ePWfz/kD9m8f9j/pjF/5b8MYv/n/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4v/n/DGL/535Yxb/u/LHLP5/yR+z+N+dP2bx/2v+mMX/b/ljFv+/549Z/P+RP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP5T8scs/g/mj1n8H8ofs/hPzR+T+M8+yB+z+A/lj1n8R+WPWfxnyR+z+M+aP2bxH50/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8X9a/pjFf778MYv/mPwxi//8+WMW/7H5Yxb/BfLHLP4L5o9Z/J+eP2bxf0b+mMX/mfljFv+F8scs/s/KH7P4L5w/ZvF/dv6Yxf85+WMW/0Xyxyz+z80fs/g/L3/M4j8uf8zi//z8MYv/C/LHLP4vzB+z+C+aP2bxXyx/zOL/ovwxi//i+WMW/yXyxyz+L84fs/i/JH/M4v/S/DGL/8vyxyz+S+aPWfxfnj9m8V8qf8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfxfkT9m8V8h
f8ziv2L+mMV/pfwxi//K+WMW/1fmj1n8V8kfs/ivmj9m8X9V/pjF/9X5Yxb/1+SPWfzH549Z/Cfkj1n8J+aPWfxXyx+z+K+eP2bxXyN/zOI/KX/M4j85f8ziv2b+mMV/rfwxi/9r88cs/q/LH7P4r50/ZvFfJ3/M4r9u/pjF//X5Yxb/9fLHLP5vyB+z+K+fP2bx3yB/zOK/Yf6YxX+j/DGL/xvzxyz+G+ePWfw3yR+z+L8pf8zi/+b8MYv/W/LHLP5vzR+z+L8tf8zi//b8MYv/O/LHLP6b5o9Z/DfLH7P4b54/ZvF/Z/6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/N+VP2bx3yZ/zOL/7vwxi/978scs/tvmj1n8t8sfs/hvnz9m8d8hf8zi/978MYv/+/LHLP475o9Z/N+fP2bx3yl/zOL/gfwxi/8H88cs/h/KH7P475w/ZvHfJX/M4r9r/pjF/8P5Yxb/j+SPWfw/mj9m8d8tf8zi/7H8MYv/7vljFv898scs/nvmj1n8P54/ZvH/RP6YxX+v/DGL/yfzxyz+e+ePWfw/lT9m8f90/pjFf5/8MYv/vvljFv/98scs/p/JH7P4fzZ/zOL/ufwxi//++WMW/wPyxyz+n88fs/gfmD9m8T8of8zi/4X8MYv/wfljFv9D8scs/l/MH7P4fyl/zOL/5fwxi/9X8scs/l/NH7P4fy1/zOL/9fwxi/838scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bx/2b+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR+z+H8rf8zi/+38MYv/qfljFv/T8scs/qfnj1n8z8gfs/h/J3/M4n9m/pjF/6z8MYv/2fljFv/v5o9Z/L+XP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP7fzx+z+P8gf8zi/8P8MYv/j/LHLP4/zh+z+P8kf8zif2H+mMX/ovwxi/9P88cs/hfnj1n8f5Y/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/j/PH/M4v+L/DGL/y/zxyz+v8ofs/hfnT9m8b8mf8zi/+v8MYv/b/LHLP7X5o9Z/H+bP2bxvy5/zOJ/ff6Yxf+G/DGL/+/yxyz+N+aPWfxvyh+z+N+cP2bx/33+mMX/D/ljFv8/5o9Z/G/JH7P4/yl/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP5/zh+z+N+ZP2bxvyt/zOL/l/wxi//d+WMW/7/mj1n8/5Y/ZvH/e/6Yxf8f+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOI/JX/M4v9g/pjF/6H8MYv/1Pwxif8cg/wxi/9Q/pjFf1T+mMV/lvwxi/+s+WMW/9H5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv+n5Y9Z/OfLH7P4j8kfs/jPnz9m8R+bP2bxXyB/zOK/YP6Yxf/p+WMW/2fkj1n8n5k/ZvFfKH/M4v+s/DGL/8L5Yxb/Z+ePWfyfkz9m8V8kf8zi/9z8MYv/8/LHLP7j8scs/s/PH7P4vyB/zOL/wvwxi/+i+WMW/8Xyxyz+L8ofs/gvnj9m8V8if8zi/+L8MYv/S/LHLP4vzR+z+L8sf8ziv2T+mMX/5fljFv+l8scs/kvnj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/FfljFv8V8scs/ivmj1n8V8ofs/ivnD9m8X9l/pjFf5X8MYv/qvljFv9X5Y9Z/F+dP2bxf03+mMV/fP6YxX9C/pjFf2L+mMV/tfwxi//q+WMW/zXyxyz+k/LHLP6T88cs/mvmj1n818ofs/i/Nn/M4v+6/DGL/9r5Yxb/dfLHLP7r5o9Z/F+fP2bxXy9/zOL/hvwxi//6+WMW/w3yxyz+G+aPWfw3yh+z+L8xf8ziv3H+mMV/k/wx
i/+b8scs/m/OH7P4vyV/zOL/1vwxi//b8scs/m/PH7P4vyN/zOK/af6YxX+z/DGL/+b5Yxb/d+aPWfy3yB+z+G+ZP2bx3yp/zOK/df6Yxf9d+WMW/23yxyz+784fs/i/J3/M4r9t/pjFf7v8MYv/9vljFv8d8scs/u/NH7P4vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPOcgfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Y
xf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz/2WP/RT/Vw/v2ewP+6/DHL+X99/pjF/4b8MYv/7/LHLP435o9Z/G/KH7P435w/ZvH/ff6Yxf8P+WMW/z/mj1n8b8kfs/j/KX/M4n9r/pjF/7b8MYv/7fljFv878scs/n/OH7P435k/ZvG/K3/M4v+X/DGL/935Yxb/v+aPWfz/lj9m8f97/pjF/x/5Yxb/e/LHLP735o9Z/O/LH7P4358/ZvF/IH/M4j8lf8zi/2D+mMX/ofwxi//U/DGJ/1yD/DGL/1D+mMV/VP6YxX+W/DGL/6z5Yxb/0fljFv/Z8scs/rPnj1n858gfs/jPmT9m8Z8rf+y/33+OR97K//H99/s/3Fzz5I9Z/OfNH7P4Py1/zOI/X/6YxX9M/pjFf/78MYv/2Pwxi/8C+WMW/wXzxyz+T88fs/g/I3/M4v/M/DGL/0L5Yxb/Z+WPWfwXzh+z+D87f8zi/5z8MYv/IvljFv/n5o9Z/J+XP2bxH5c/ZvF/fv6Yxf8F+WMW/xfmj1n8F80fs/gvlj9m8X9R/pjFf/H8MYv/EvljFv8X549Z/F+SP2bxf2n+mMX/ZfljFv8l88cs/i/PH7P4L5U/ZvFfOn/M4r9M/pjFf9n8MYv/cvljFv/l88cs/q/IH7P4r5A/ZvFfMX/M4r9S/pjFf+X8MYv/K/PHLP6r5I9Z/FfNH7P4vyp/zOL/6vwxi/9r8scs/uPzxyz+E/LHLP4T88cs/qvlj1n8V88fs/ivkT9m8Z+UP2bxn5w/ZvFfM3/M4r9W/pjF/7X5Yxb/1+WPWfzXzh+z+K+TP2bxXzd/zOL/+vwxi/96+WMW/zfkj1n8188fs/hvkD9m8d8wf8ziv1H+mMX/jfljFv+N88cs/pvkj1n835Q/ZvF/c/6Yxf8t+WMW/7fmj1n835Y/ZvF/e/6Yxf8d+WMW/03zxyz+m+WPWfw3zx+z+L8zf8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+78ofs/hvkz9m8X93/pjF/z35Yxb/bfPHLP7b5Y9Z/LfPH7P475A/ZvF/b/6Yxf99+WMW/x3zxyz+788fs/jvlD9m8f9A/pjF/4P5Yxb/D+WPWfx3zh+z+O+SP2bx3zV/zOL/4fwxi/9H8scs/h/NH7P475Y/ZvH/WP6YxX/3/DGL/x75Yxb/PfPHLP4fzx+z+H8if8ziv1f+mMX/k/ljFv+988cs/p/KH7P4fzp/zOK/T/6YxX/f/DGL/375Yxb/z+SPWfw/mz9m8f9c/pjFf//8MYv/AfljFv/P549Z/A/MH7P4H5Q/ZvH/Qv6Yxf/g/DGL/yH5Yxb/L+aPWfy/
lD9m8f9y/pjF/yv5Yxb/r+aPWfy/lj9m8f96/pjF/xv5Yxb/Q/PHLP6H5Y9Z/A/PH7P4H5E/ZvE/Mn/M4n9U/pjF/+j8MYv/MfljFv9j88cs/sflj1n8j88fs/h/M3/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8v5U/ZvH/dv6Yxf/U/DGL/2n5Yxb/0/PHLP5n5I9Z/L+TP2bxPzN/zOJ/Vv6Yxf/s/DGL/3fzxyz+38sfs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/+/nj1n8f5A/ZvH/Yf6Yxf9H+WMW/x/nj1n8f5I/ZvG/MH/M4n9R/pjF/6f5Yxb/i/PHLP4/yx+z+F+SP2bxvzR/zOJ/Wf6Yxf/y/DGL/xX5Yxb/K/PHLP5X5Y9Z/H+eP2bx/0X+mMX/l/ljFv9f5Y9Z/K/OH7P4X5M/ZvH/df6Yxf83+WMW/2vzxyz+v80fs/hflz9m8b8+f8zif0P+mMX/d/ljFv8b88cs/jflj1n8b84fs/j/Pn/M4v+H/DGL/x/zxyz+t+SPWfz/lD9m8b81f8zif1v+mMX/9vwxi/8d+WMW/z/nj1n878wfs/jflT9m8f9L/pjF/+78MYv/X/PHLP5/yx+z+P89f8zi/4/8MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8Z+SP2bxfzB/zOL/UP6YxX9q/pjEf+5B/pjFfyh/zOI/Kn/M4j9L/pjFf9b8MYv/6Pwxi/9s+WMW/9nzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/9Pyxyz+8+WPWfzH5I9Z/OfPH7P4j80fs/gvkD9m8V8wf8zi//T8MYv/M/LHLP7PzB+z+C+UP2bxf1b+mMV/4fwxi/+z88cs/s/JH7P4L5I/ZvF/bv6Yxf95+WMW/3H5Yxb/5+ePWfxfkD9m8X9h/pjFf9H8MYv/YvljFv8X5Y9Z/BfPH7P4L5E/ZvF/cf6Yxf8l+WMW/5fmj1n8X5Y/ZvFfMn/M4v/y/DGL/1L5Yxb/pfPHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4v+K/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4vzJ/zOK/Sv6YxX/V/DGL/6vyxyz+r84fs/i/Jn/M4j8+f8ziPyF/zOI/MX/M4r9a/pjFf/X8MYv/GvljFv9J+WMW/8n5Yxb/NfPHLP5r5Y9Z/F+bP2bxf13+mMV/7fwxi/86+WMW/3Xzxyz+r88fs/ivlz9m8X9D/pjFf/38MYv/BvljFv8N88cs/hvlj1n835g/ZvHfOH/M4r9J/pjF/035Yxb/N+ePWfzfkj9m8X9r/pjF/235Yxb/t+ePWfzfkT9m8d80f8ziv1n+mMV/8/wxi/8788cs/lvkj1n8t8wfs/hvlT9m8d86f8zi/678MYv/NvljFv93549Z/N+TP2bx3zZ/zOK/Xf6YxX/7/DGL/w75Yxb/9+aPWfzflz9m8d8xf8zi//78MYv/TvljFv8P5I9Z/D+YP2bx/1D+mMV/5/wxi/8u+WMW/13zxyz+H84fs/h/JH/M4v/R/DGL/275Yxb/j+WPWfx3zx+z+O+RP2bx3zN/zOL/8fwxi/8n8scs/nvlj1n8P5k/ZvHfO3/M4v+p/DGL/6fzxyz+++SPWfz3zR+z+O+XP2bx/0z+mMX/s/ljFv/P5Y9Z/PfPH7P4H5A/ZvH/fP6Yxf/A/DGL/0H5Yxb/L+SPWfwPzh+z+B+SP2bx/2L+mMX/S/ljFv8v549Z/L+SP2bx/2r+mMX/a/ljFv+v549Z/L+RP2bxPzR/zOJ/WP6Yxf/w/DGL/xH5Yxb/I/PHLP5H5Y9Z/I/OH7P4H5M/ZvE/Nn/M4n9c/pjF//j8MYv/N/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4n9K/pjF/1v5Yxb/b+ePWfxPzR+z+J+WP2bxPz1/zOJ/Rv6Yxf87+WMW/zPzxyz+Z+WPWfzPzh+z+H83
f8zi/738MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8f9+/pjF/wf5Yxb/H+aPWfx/lD9m8f9x/pjF/yf5Yxb/C/PHLP4X5Y9Z/H+aP2bxvzh/zOL/s/wxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/n+WMW/1/kj1n8f5k/ZvH/Vf6Yxf/q/DGL/zX5Yxb/X+ePWfx/kz9m8b82f8zi/9v8MYv/dfljFv/r88cs/jfkj1n8f5c/ZvG/MX/M4n9T/pjF/+b8MYv/7/PHLP5/yB+z+P8xf8zif0v+mMX/T/ljFv9b88cs/rflj1n8b88fs/jfkT9m8f9z/pjF/878MYv/XfljFv+/5I9Z/O/OH7P4/zV/zOL/t/wxi//f88cs/v/IH7P435M/ZvG/N3/M4n9f/pjF//78MYv/A/ljFv8p+WMW/wfzxyz+D+WPWfyn5o9J/OcZ5I9Z/Ifyxyz+o/LHLP6z5I9Z/GfNH7P4j84fs/jPlj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+D8tf8ziP1/+mMV/TP6YxX/+/DGL/9j8MYv/AvljFv8F88cs/k/PH7P4PyN/zOL/zPwxi/9C+WMW/2flj1n8F84fs/g/O3/M4v+c/DGL/yL5Yxb/5+aPWfyflz9m8R+XP2bxf37+mMX/BfljFv8X5o9Z/BfNH7P4L5Y/ZvF/Uf6YxX/x/DGL/xL5Yxb/F+ePWfxfkj9m8X9p/pjF/2X5Yxb/JfPHLP4vzx+z+C+VP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP6vyB+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yvzxyz+q+SPWfxXzR+z+L8qf8zi/+r8MYv/a/LHLP7j88cs/hPyxyz+E/PHLP6r5Y9Z/FfPH7P4r5E/ZvGflD9m8Z+cP2bxXzN/zOK/Vv6Yxf+1+WMW/9flj1n8184fs/ivkz9m8V83f8zi//r8MYv/evljFv835I9Z/NfPH7P4b5A/ZvHfMH/M4r9R/pjF/435Yxb/jfPHLP6b5I9Z/N+UP2bxf3P+mMX/LfljFv+35o9Z/N+WP2bxf3v+mMX/HfljFv9N88cs/pvlj1n8N88fs/i/M3/M4r9F/pjFf8v8MYv/VvljFv+t88cs/u/KH7P4b5M/ZvF/d/6Yxf89+WMW/23zxyz+2+WPWfy3zx+z+O+QP/aI/1Yn/1f7vzd/zHL+vy9/zOK/Y/6Yxf/9+WMW/53yxyz+H8gfs/h/MH/M4v+h/DGL/875Yxb/XfLHLP675o9Z/D+cP2bx/0j+mMX/o/ljFv/d8scs/h/LH7P4754/ZvHfI3/M4r9n/pjF/+P5Yxb/T+SPWfz3yh+z+H8yf8ziv3f+mMX/U/ljFv9P549Z/PfJH7P475s/ZvHfL3/M4v+Z/DGL/2fzxyz+n8sfs/jvnz9m8T8gf8zi//n8MYv/gfljFv+D8scs/l/IH7P4H5w/ZvE/JH/M4v/F/DGL/5fyxyz+X84fs/h/JX/M4v/V/DGL/9fyxyz+X88fs/h/I3/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/2/mj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+38scs/t/OH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/d/LHLP5n5o9Z/M/KH7P4n50/ZvH/bv6Yxf97+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOL//fwxi/8P8scs/j/MH7P4/yh/zOL/4/wxi/9P8scs/hfmj1n8L8ofs/j/NH/M4n9x/pjF/2f5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/z/PHLP6/yB+z+P8yf8zi/6v8MYv/1fljFv9r8scs/r/OH7P4/yZ/zOJ/
bf6Yxf+3+WMW/+vyxyz+1+ePWfxvyB+z+P8uf8zif2P+mMX/pvwxi//N+WMW/9/nj1n8/5A/ZvH/Y/6Yxf+W/DGL/5/yxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOL/5/wxi/+d+WMW/7vyxyz+f8kfs/jfnT9m8f9r/pjF/2/5Yxb/v+ePWfz/kT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/wfyxyz+U/LHLP4P5o9Z/B/KH7P4T80fk/jPO8gfs/gP5Y9Z/Eflj1n8Z8kfs/jPmj9m8R+dP2bxny1/zOI/e/6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvF/Wv6YxX++/DGL/5j8MYv//PljFv+x+WMW/wXyxyz+C+aPWfyfnj9m8X9G/pjF/5n5Yxb/hfLHLP7Pyh+z+C+cP2bxf3b+mMX/OfljFv9F8scs/s/NH7P4Py9/zOI/Ln/M4v/8/DGL/wvyxyz+L8wfs/gvmj9m8V8sf8zi/6L8MYv/4vljFv8l8scs/i/OH7P4vyR/zOL/0vwxi//L8scs/kvmj1n8X54/ZvFfKn/M4r90/pjFf5n8MYv/svljFv/l8scs/svnj1n8X5E/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9X5o9Z/FfJH7P4r5o/ZvF/Vf6Yxf/V+WMW/9fkj1n8x+ePWfwn5I9Z/Cfmj1n8V8sfs/ivnj9m8V8jf8ziPyl/zOI/OX/M4r9m/pjFf638MYv/a/PHLP6vyx+z+K+dP2bxXyd/zOK/bv6Yxf/1+WMW//Xyxyz+b8gfs/ivnz9m8d8gf8ziv2H+mMV/o/wxi/8b88cs/hvnj1n8N8kfs/i/KX/M4v/m/DGL/1vyxyz+b80fs/i/LX/M4v/2/DGL/zvyxyz+m+aPWfw3yx+z+G+eP2bxf2f+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfzflT9m8d8mf8zi/+78MYv/e/LHLP7b5o9Z/LfLH7P4b58/ZvHfIX/M4v/e/DGL//vyxyz+O+aPWfzfnz9m8d8pf8zi/4H8MYv/B/PHLP4fyh+z+O+cP2bx3yV/zOK/a/6Yxf/D+WMW/4/kj1n8P5o/ZvHfLX/M4v+x/DGL/+75Yxb/PfLHLP575o9Z/D+eP2bx/0T+mMV/r/wxi/8n88cs/nvnj1n8P5U/ZvH/dP6YxX+f/DGL/775Yxb//fLHLP6fyR+z+H82f8zi/7n8MYv//vljFv8D8scs/p/PH7P4H5g/ZvE/KH/M4v+F/DGL/8H5Yxb/Q/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+H8tf8zi//X8MYv/N/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/gfnz9m8f9m/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/h/K3/M4v/t/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4fyd/zOJ/Zv6Yxf+s/DGL/9n5Yxb/7+aPWfy/lz9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+388fs/j/IH/M4v/D/DGL/4/yxyz+P84fs/j/JH/M4n9h/pjF/6L8MYv/T/PHLP4X549Z/H+WP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/K/KH7P4/zx/zOL/i/wxi/8v88cs/r/KH7P4X50/ZvG/Jn/M4v/r/DGL/2/yxyz+1+aPWfx/mz9m8b8uf8zif33+mMX/hvwxi//v8scs/jfmj1n8b8ofs/jfnD9m8f99/pjF/w/5Yxb/P+aPWfxvyR+z+P8pf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+f84fs/jfmT9m8b8rf8zi/5f8MYv/3fljFv+/5o9Z/P+WP2bx/3v+mMX/H/ljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8ziPyV/zOL/YP6Yxf+h
/DGL/9T8MYn/0wb5Yxb/ofwxi/+o/DGL/yz5Yxb/WfPHLP6j88cs/rPlj1n8Z88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+T8sfs/jPlz9m8R+TP2bxnz9/zOI/Nn/M4r9A/pjFf8H8MYv/0/PHLP7PyB+z+D8zf8ziv1D+mMX/WfljFv+F88cs/s/OH7P4Pyd/zOK/SP6Yxf+5+WMW/+flj1n8x+WPWfyfnz9m8X9B/pjF/4X5Yxb/RfPHLP6L5Y9Z/F+UP2bxXzx/zOK/RP6Yxf/F+WMW/5fkj1n8X5o/ZvF/Wf6YxX/J/DGL/8vzxyz+S+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6YxX/5/DGL/yvyxyz+K+SPWfxXzB+z+K+UP2bxXzl/zOL/yvwxi/8q+WMW/1Xzxyz+r8ofs/i/On/M4v+a/DGL//j8MYv/hPwxi//E/DGL/2r5Yxb/1UX+c/wL61r81xD5/ytZ/Cflj1n8J+ePWfzXzB+z+K+VP2bxf23+mMX/dfljFv+188cs/uvkj1n8180fs/i/Pn/M4r9e/pjF/w35Yxb/9fPHLP4b5I9Z/DfMH7P4b5Q/ZvF/Y/6YxX/j/DGL/yb5Yxb/N+WPWfzfnD9m8X9L/pjF/635Yxb/t+WPWfzfnj9m8X9H/pjFf9P8MYv/ZvljFv/N88cs/u/MH7P4b5E/ZvHfMn/M4r9V/pjFf+v8MYv/u/LHLP7b5I9Z/N+dP2bxf0/+mMV/2/wxi/92+WMW/+3zxyz+O+SPWfzfmz9m8X9f/pjFf8f8MYv/+/PHLP475Y9Z/D+QP2bx/2D+mMX/Q/ljFv+d88cs/rvkj1n8d80fs/h/OH/M4v+R/DGL/0fzxyz+u+WPWfw/lj9m8d89f8ziv0f+mMV/z/wxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8d83f8ziv1/+mMX/M/ljFv/P5o9Z/D+XP2bx3z9/zOJ/QP6Yxf/z+WMW/wPzxyz+B+WPWfy/kD9m8T84f8zif0j+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/0Pwxi/9h+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOJ/TP6Yxf/Y/DGL/3H5Yxb/4/PHLP7fzB+z+J+QP2bxPzF/zOJ/Uv6Yxf/k/DGL/yn5Yxb/b+WPWfy/nT9m8T81f8zif1r+mMX/9Pwxi/8Z+WMW/+/kj1n8z8wfs/iflT9m8T87f8zi/938MYv/9/LHLP7n5I9Z/M/NH7P4n5c/ZvE/P3/M4n9B/pjF//v5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfwvzB+z+F+UP2bx/2n+mMX/4vwxi//P8scs/pfkj1n8L80fs/hflj9m8b88f8zif0X+mMX/yvwxi/9V+WMW/5/nj1n8f5E/ZvH/Zf6Yxf9X+WMW/6vzxyz+1+SPWfx/nT9m8f9N/pjF/9r8MYv/b/PHLP7X5Y9Z/K/PH7P435A/ZvH/Xf6Yxf/G/DGL/035Yxb/m/PHLP6/zx+z+P8hf8zi/8f8MYv/LfljFv8/5Y9Z/G/NH7P435Y/ZvG/PX/M4n9H/pjF/8/5Yxb/O/PHLP535Y9Z/P+SP2bxvzt/zOL/1/wxi//f8scs/n/PH7P4/yN/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/Kfkj1n8H8wfs/g/lD9m8Z+aPybxn2+QP2bxH8ofs/iPyh+z+M+SP2bxnzX/xzTLyKPFf3T+mMV/tvwxi//s+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6Yxf9p+WMW//nyxyz+Y/LHLP7z549Z/Mfmj1n8F8gfs/gvmD9m8X96/pjF/xn5Yxb/Z+aPWfwXyh+z+D8rf8ziv3D+mMX/2fljFv/n5I9Z/BfJH7P4Pzd/
zOL/vPwxi/+4/DGL//Pzxyz+L8gfs/i/MH/M4r9o/pjFf7H8MYv/i/LHLP6L549Z/JfIH7P4vzh/zOL/kvwxi/9L88cs/i/LH7P4L5k/ZvF/ef6YxX+p/DGL/9L5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvF/Rf6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/F+ZP2bxXyV/zOK/av6Yxf9V+WMW/1fnj1n8X5M/ZvEfnz9m8Z+QP2bxn5g/ZvFfLX/M4r96/pjFf438MYv/pPwxi//k/DGL/5r5Yxb/tfLHLP6vzR+z+L8uf8ziv3b+mMV/nfwxi/+6+WMW/9fnj1n818sfs/i/IX/M4r9+/pjFf4P8MYv/hvljFv+N8scs/m/MH7P4b5w/ZvHfJH/M4v+m/DGL/5vzxyz+b8kfs/i/NX/M4v+2/DGL/9vzxyz+78gfs/hvmj9m8d8sf8ziv3n+mMX/nfljFv8t8scs/lvmj1n8t8ofs/hvnT9m8X9X/pjFf5v8MYv/u/PHLP7vyR+z+G+bP2bx3y5/zOK/ff6YxX+H/DGL/3vzxyz+78sfs/jvmD9m8X9//pjFf6f8MYv/B/LHLP4fzB+z+H8of8ziv3P+mMV/l/wxi/+u+WMW/w/nj1n8P5I/ZvH/aP6YxX+3/DGL/8fyxyz+u+ePWfz3yB+z+O+ZP2bx///Yo6cEUAgACIDZeNm2bdu2bdv1kW3btm3btm3zAnuCduYKc6D/qOX/IP9Ry//B/qOW/0P8Ry3/h/qPWv4P8x+1/B/uP2r5P8J/1PJ/pP+o5f8o/1HL/9H+o5b/Y/xHLf/H+o9a/o/zH7X8H+8/avk/wX/U8n+i/6jl/yT/Ucv/yf6jlv9T/Ect/6f6j1r+T/Mftfyf7j9q+T/Df9Tyf6b/qOX/LP9Ry//Z/qOW/3P8Ry3/5/qPWv7P8x+1/J/vP2r5v8B/1PJ/of+o5f8i/1HL/8X+o5b/S/xHLf+X+o9a/i/zH7X8X+4/avm/wn/U8n+l/6jl/yr/Ucv/1f6jlv9r/Ect/9f6j1r+r/Mftfxf7z9q+b/Bf9Tyf6P/qOX/Jv9Ry//N/qOW/1v8Ry3/t/qPWv5v8x+1/N/uP2r5v8N/1PJ/p/+o5f8u/1HL/93+o5b/e/xHLf/3+o9a/u/zH7X83+8/avl/wH/U8v+g/6jl/yH/Ucv/w/6jlv9H/Ect/4/6j1r+H/Mftfw/7j9q+X/Cf9Ty/6T/qOX/Kf9Ry//T/qOW/2f8Ry3/z/qPWv6f8x+1/D/vP2r5f8F/1PL/ov+o5f8l/1HL/8v+o5b/V/xHLf+v+o9a/l/zH7X8v+4/avl/w3/U8v+m/6jl/y3/Ucv/2/6jlv93/Ect/+/6j1r+3/Mftfy/7z9q+f/Af9Ty/6H/qOX/I/9Ry//H/qOW/0/8Ry3/n/qPWv4/8x+1/H/uP2r5/8J/1PL/pf+o5f8r/1HL/9f+o5b/b/xHLf/f+o9a/r/zH7X8f+8/avn/wX/U8v+j/6jl/yf/Ucv/z/6jlv9f/Ect/7/6j1r+f/Mftfz/7j9q+f/Df9Ty/6f/qOX/L/9Ry//f/qOW/3/8Ry3///qPSv4HDOQ/avkf2H/U8j+I/6jlf1D/Ucv/YP6jlv/B/Uct/0P4j1r+h/QftfwP5T9q+R/af9TyP4z/qOV/WP9Ry/9w/qOW/+H9Ry3/I/iPWv5H9B+1/A/wH7X8j+Q/avkf2X/U8j+K/6jlf1T/Ucv/aP6jlv/R/Uct/2P4j1r+x/QftfyP5T9q+R/bf9TyP47/qOV/XP9Ry/94/qOW//H9Ry3/E/iPWv4n9B+1/E/kP2r5n9h/1PI/if+o5X9S/1HL/2T+o5b/yf1HLf9T+I9a/qf0H7X8T+U/avmf2n/U8j+N/6jlf1r/Ucv/dP6jlv/p/Uct/zP4j1r+Z/QftfzP5D9q+Z/Zf9TyP4v/qOV/Vv9Ry/9s/qOW/9n9Ry3/c/iPWv7n9B+1/M/lP2r5n9t/1PI/
j/+o5X9e/1HL/3z+o5b/+f1HLf8L+I9a/hf0H7X8L+Q/avlf2H/U8r+I/6jlf1H/Ucv/Yv6jlv/F/Uct/0v4j1r+l/Qftfwv5T9q+V/af9Tyv4z/qOV/Wf9Ry/9y/qOW/+X9Ry3/K/iPWv5X9B+1/K/kP2r5X9l/1PK/iv+o5X9V/1HL/2r+o5b/1f1HLf9r+I9a/tf0H7X8r+U/avlf23/U8r+O/6jlf13/Ucv/ev6jlv/1/Uct/xv4j1r+N/Qftfxv5D9q+d/Yf9Tyv4n/qOV/U/9Ry/9m/qOW/839Ry3/W/iPWv639B+1/G/lP2r539p/1PK/jf+o5X9b/1HL/3b+o5b/7f1HLf87+I9a/nf0H7X87+Q/avnf2X/U8r+L/6jlf1f/Ucv/bv6jlv/d/Uct/3v4j1r+9/Qftfzv5T9q+d/bf9Tyv4//qOV/X/9Ry/9+/qOW//39Ry3/B/iP/nf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAf+zbbWydZeHH8bvbOsb+/JMRF1yGJptcKCTCbPeQ8YKwydhWB914HgMc3dqNjXabXYddAffwYhIhPEgyyRIlypahhJnQSAwEK4ho0EVNNPgAiEIUjRMh6Ja4WHPa09Ieu8Zz1etalM/nRc+577Pfva3Jd/e9wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA/ns1NC48Mr5m2KnxQw8+eLil73XO0ZU3H/htz4UDr+WPl41wyXFDD3p7e3vnPDd7R/nwlKIoSj/bzvLxpMpx6fo767/Q2X8UFvS8tOT4lJ83Hjmw5vRH6rqP3l/bd7a2uGndhtaWj40rinBxbdFZOqirKYqwuLa4r3RQXzpYUls8UjqY3XdwavHt0sH5aze3NpdOLI3+nsH/iobGncX4YcUWw/40GNr/zvpv3TnwOsolB642oSj3f0XX99+q+GzACfofuH5YWNl/1b9B4ISq6/+FBQOvo1zyX+7/k59a9cpIn524/4Hrh4/rH9IZ4fl/WKOVz/0Vz/8zRrjk4P6qmq7jpf4vve3ZmeVTE/6d5/93rx8urux/3LDn/9Jz/KKB5/9TiiJcMsZvB7ynNDTuOjLa/X/0/idMr9jUDO3/jPbN+0v9P77ke0+UT9VW2f+iUe7/45ZW/FqB6jQ0frm34v5fRf/FR0a45GD/bz/x64dL/T/2+wfOHPJZNf1fUtn/rI62LbO2bu86b0Nb0/qW9S2b6mbPnzOvvm7eBXNn9T0S9H8d43cF3hvGdv8vJldsaoqiZXB/TfeBp0v9z33wwTnlU5Oq7H/xqPf/Ge7/MKIPjSsmTiw6mzo62uv6vw4c1vd/7f9hI/Rfxd//zzqn/MNqy681RTFtcH/XmXevKPX/zqFnd5dPTayy/yWj9r9g8OcFIozx/t9csRnW/8FDL/U9/y+79+AZ5VPV/v1/6aj9v+r+D2PR0FjxP/z8h5X631VcFtlpaPDf/yCdHP0/9s4NPXHr8An9Qzo5+v/d546eG7cOy/QP6eTof8LGB56PW4dL9Q/p5Oh/+dT5K+LW4TL9Qzo5+l/76rl/jluHRv1DOjn6P+dLuzvj1mG5/iGdHP0/1D5nW9w6rNA/pJOj/5+e9tBrcetwuf4hnRz9Hzt2z41x63CF/iGdHP137zn7B3HrcKX+IZ0c/V++bmGIW4er9A/p5Oh/+rQ/Ph63DlfrH9LJ0f+8P/39tLh1uEb/kE6O/u/4/Ip9cetwrf4hnRz9j7/+lRfj1mGl/iGdHP0vPXvbwrh1uE7/kE6O/pt/0twbtw6r9A/p5Oh/1td/tCFuHa7XP6STo//Dyx/dE7cON+gf0snR/566YkrcOtyof0gnR/9f++7ph+LW4ZP6h3Ry9P+bp56cH7cOq/UP6eTo/7kP3P6NuHW4Sf+QTo7+713z4llx69Ckf0gnR/8P733+i3HrsEb/kE6O/t94o+3/4tZhrf4hnRz9T5506utx69Csf0gnR/8Lb/1Ke9w6tOgf0snRf9vu7h/GrcM6/UM6Ofr/8PFpq+LWYb3+IZ0c/a+cu/f9cetws/4hnRz9v2/Zhbvi1mGD/iGdHP1f1PPRi+LWYaP+IZ0c/Xc889mvxq3DLfqHdHL0v3fma4vj1qFV/5BOjv5fXr30x3Hr0KZ/SCdH/289et2muHXYpH9IJ0f/T/7s7WNx67BZ/5BOjv7//4JFf41bhy36h3Ry9L94yZtr49bhU/qHdHL0v7H7Hy/HrUO7/iGdHP3PPHz1srh12Kp/SCdH/985r25/3Dp06B/SydH/nVfuq49bh236h3Ry9L//4F13x63DrfqHdHL0/+YvZkyPW4dP6x/SydH//VMOXRu3Dp36h3Ry9P/LTbXPxK3Ddv1DOjn6/9u+qTvi1qFL/5BOjv6ffr3nD3HrcJv+IZ0c/a+e8KuJcetwu/4hnRz9T+3acl/cOtyhf0gnR//z72k6P24dPqN/SCdH/1v/8sI349Zhh/4hna3bu25pam1taffGG2+8GXxzsv9kAlJ7N/qT/SsBAAAAAAAAAAAAAABOJMc/JzrZv0cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+yQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRC9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAAAA//+O1eBI") quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f00000000c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000002c0)={0x83, 0x0, 0xfffffffffffffffc, 0x0, 0x200000004, 0x4000000, 0x401, 0x2, 0x4040c425}) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 948.968932ms ago: executing program 3 (id=11603): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1}) 782.350565ms ago: executing program 6 (id=11604): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="4c000000010001", 0x7) 755.194659ms ago: executing program 0 (id=11605): 
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0xcc04, &(0x7f0000000200)={[{@dots}, {@fat=@errors_continue}, {@nodots}, {@fat=@flush}, {@fat=@dos1xfloppy}, {@fat=@errors_remount}, {@dots}, {@dots}, {@nodots}, {@fat=@quiet}, {@dots}, {@nodots}, {@nodots}, {@dots}, {@nodots}, {@fat=@nocase}, {@dots}, {@nodots}, {@fat=@time_offset={'time_offset', 0x3d, 0x5}}, {@dots}, {@fat=@check_strict}, {@dots}]}, 0xfd, 0x207, &(0x7f0000000780)="$eJzs3b2OElEUAOADsjAYi+1MTEzGWGi1UZ9gjVkTI4nJGgrtTLSSamlgm93H8BV8JSsLKyuzFY25Bmf4EVlcSWB09/sKODPnXu69MzDQcCZF4cvND5Fltajvx36MarEb9Zg4DQDgMhmlFN9SYbrzc6VTAgA2bOn3/1Q2fvhewbQAgA16+er188edzsFhnmcRZ6eD7qBbPBf5p886Bw/yn3Znvc4Gg+61af5hvvjbYZzfietl/lHRP5+mmxHRbcb9u0V+nHvyopP/2r8Vbze8dgAAAAAAAAAAAAAAAAAAAAAAqMrtyCeW1vfZ21vMt8t8sTVXH2ihfk8jbjXKzVl5oHSyjUUBAAAAAAAAAAAAAAAAAADAf6Y/PH7/ptd7dzQLWhExv6expM35Qa184Qs1rj6of/pazPcvu7fLZa4xaK08RJtdYHv5yb1IEI1/5eysG+RbGKu98vCmNA7mPwVp+m6ZlMU4t3szIlaPfu9w3cmPUkq9j3eO+sNIKxvPrhGt7V2OAAAAAAAAAAAAAAAAAADgSusPa5N/ff8mq2JCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCB/vC4vP//GsFJRNyIPzaejLUTWbWLBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NL6EQAA//+0XiJG") r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') pread64(r0, &(0x7f0000002240)=""/237, 0xed, 0x619) 618.300225ms ago: executing program 3 (id=11606): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2) 391.160205ms ago: executing program 0 (id=11607): syz_mount_image$hfs(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="747970653dbcaeaad02c636f6465706167653d6d616363656e746575726f2c71756965742c6769643d", @ANYRESHEX=0x0, 
@ANYBLOB="2c696f636861727365743d61736369692c00d0a8ec5a8890d9d4633918a2987ec6ac65d89ba6a0bd63fd96f96c3fb4f466427906b003f094f4af9e914718a353af395b6bce5e7ceb326d22f8e0aa6cf83fa438fda2026de6d1ad2d1c38e021e414ce150a41bf70f7fd2f86a9ade73fafb467c81cb59813d68600000000000000093700004eeda023fe7ec1e7c3069db2dac8990e273ddc3fa7581ad2139ed6299c36911207f114373bef12ca0219aeb4d0e69462402b7a5e8a8e4096fdc1aba2530b7d42418edb34b22302b2f059681e2f108dbd979e92ca86be0c769567bddcdc496bf81fa481086c17956e089e4ef69d0858b9f099557de60cfcc6b954fad7c4024e732e0f5635bc2182773a0d7f702cf13a2920768d000000000000"], 0x5, 0x2e5, &(0x7f0000000800)="$eJzs3T9v004cx/HPOUmb/lF//rVFSCygQiVYKgoMiCUIZWVnQkCTShVREW2RgIWCGBEPgJ2nwINgAfEEYGJip5vRXS6u09huI+q4Ke+XVMu+3Nlf5+zcfS2BBeCfdaf5/eP1n/bPSBU1JN2SAkl1qSrpjM7Wn23ubOx02q28HVVcC/tn1G1pBuqsbbbTmtp2roUX2q2qZpNlKEYURbd/lB0ESufu/hSBNKnqZLxdH2VQBdpV7XzZMYxasoN/28VzzZUXDQDgJPDjf+CHiVlXZBQE0rIf9t3wcVrG/72yAzheNzoDRVFuA7OnPT/+uywrMrZ//3Mf7ed7LoWznwe9LPEowdQObE+oe2X1TTDNYVmliyWYWt+oamXttVqB3qjhJaotumWre+n2HBLtUkpumiN7bzXdne6ejZ1RDuiFtL7RabspdEr8C8Md8e+Zz+aruW9CfVArnv9VI2O7yfVUeKCngpqN/2rW/qqaca1sLfm0v9FoBH2V/nc1z/kjeINnaZJfYj09I0nus/eAYDeOIDtOf+x59T9W6J7d6iGtFtJahfFWRqvFvlYVfyWsrD3p5D5KKUbvFM17c88s6Zc+qZmILrDxLStxZ+b91BtX018Z3fOZSK9ZdTXDgZFjv6cvxBF4k8OeGiQN+bTsnR7ppua2X7x8XOl02lt25WHKytPZLeNLam+l1DrFr1SUU0e7+yWR9SqKjrrnqMjgrxzrDu3vR1xib5+0yvYui0uCYQ+hY/0SamVdLYWvNL8o74Icn5UokjI+Kux3CifItul1ui+YKjkgjJqdd5lu/udm8n5W51IkuwhzspH8JFN9e1yNM7j+qeC8W04PlcHNZGdwiSNey8gZXc518bJ0KVFolHvE0Md5SpimvukBz/8BAAAAAAAAAAAAAAAAAADGzSj+pUHZ5wgAAAAAAAAAAAAAAAAAAAAAwLg78P7fypHe/5v2f8S79/+GvP8XGCN/AgAA//+a43c+") r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 375.938599ms ago: executing program 6 (id=11608): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r1, r0, 
&(0x7f00000000c0)=0x58, 0x5) 94.255046ms ago: executing program 0 (id=11609): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000fcffffff000000008000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b0000000180100002020784400000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 4.404858ms ago: executing program 2 (id=11610): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) 0s ago: executing program 3 (id=11622): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = epoll_create(0x3) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)) kernel console output (not intermixed with test programs): 1][ T5916] usb 10-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00 [ 1210.926259][ T5916] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1210.937721][ T5916] usb 10-1: config 0 descriptor?? 
[ 1211.077907][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state [ 1211.085131][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1211.099941][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state [ 1211.107102][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1211.199693][T31207] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1211.415883][ T5916] chicony 0003:04F2:1236.0049: item fetching failed at offset 1/5 [ 1211.453964][ T5916] chicony 0003:04F2:1236.0049: Chicony hid parse failed: -22 [ 1211.540851][ T5916] chicony 0003:04F2:1236.0049: probe with driver chicony failed with error -22 [ 1211.592979][ T5916] usb 10-1: USB disconnect, device number 5 [ 1211.635571][T31564] loop3: detected capacity change from 0 to 4096 [ 1211.785237][T31569] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1211.832598][T31327] bridge0: port 1(bridge_slave_0) entered blocking state [ 1211.851444][ T30] audit: type=1800 audit(2000000217.899:521): pid=31564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.10789" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 1211.852233][T31327] bridge0: port 1(bridge_slave_0) entered disabled state [ 1211.943626][T31327] bridge_slave_0: entered allmulticast mode [ 1211.964471][T31327] bridge_slave_0: entered promiscuous mode [ 1211.973815][T31327] bridge0: port 2(bridge_slave_1) entered blocking state [ 1211.981110][T31327] bridge0: port 2(bridge_slave_1) entered disabled state [ 1211.989273][T31327] bridge_slave_1: entered allmulticast mode [ 1211.997685][T31327] bridge_slave_1: entered promiscuous mode [ 1212.014191][T31209] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1212.074180][T27260] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 1212.265241][T27260] usb 9-1: config 27 interface 0 altsetting 0 has an endpoint 
descriptor with address 0x15, changing to 0x5 [ 1212.320433][T27260] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1212.329428][T31327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1212.391597][T27260] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1212.405064][T31327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1212.435628][T27260] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1212.475905][T27260] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1212.523173][T31570] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 1212.539751][T27260] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 1212.596659][T27260] usb 9-1: invalid MIDI in EP 0 [ 1212.857036][T27260] snd-usb-audio 9-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1212.901879][T27260] usb 9-1: USB disconnect, device number 4 [ 1212.909554][T31579] bridge0: port 2(bridge_slave_1) entered disabled state [ 1212.917359][T31579] bridge0: port 1(bridge_slave_0) entered disabled state [ 1213.073693][T31579] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1213.091883][T31579] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1213.243804][T31327] team0: Port device team_slave_0 added [ 1213.308409][T17465] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1213.353566][T17465] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1213.448039][T31327] team0: Port device team_slave_1 added [ 1213.575743][T31589] netlink: 'syz.3.10787': attribute type 1 has an invalid length. [ 1213.601186][T17465] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1213.618441][T31589] netlink: 216 bytes leftover after parsing attributes in process `syz.3.10787'. 
[ 1213.627767][T17465] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1213.786784][T31327] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1213.818446][T31327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1213.860153][T27260] usb 10-1: new full-speed USB device number 6 using dummy_hcd [ 1213.879229][T31596] loop8: detected capacity change from 0 to 128 [ 1213.895210][T31327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1213.933164][T31596] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256 [ 1213.968827][T31327] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1213.976654][T31327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1214.024876][T31596] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1214.033018][T27260] usb 10-1: config 0 has an invalid interface number: 133 but max is 0 [ 1214.059945][T27260] usb 10-1: config 0 has no interface number 0 [ 1214.066986][T31327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1214.082290][T27260] usb 10-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1214.091666][T27260] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1214.114683][T27260] usb 10-1: Product: syz [ 1214.119001][T27260] usb 10-1: Manufacturer: syz [ 1214.134702][T27260] usb 10-1: SerialNumber: syz [ 1214.171632][T27260] usb 10-1: config 0 descriptor?? 
[ 1214.233159][T31207] veth0_vlan: entered promiscuous mode [ 1214.385383][T31327] hsr_slave_0: entered promiscuous mode [ 1214.430593][T27260] keyspan 10-1:0.133: Keyspan 1 port adapter converter detected [ 1214.450895][T31327] hsr_slave_1: entered promiscuous mode [ 1214.476526][T31209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1214.479399][T27260] keyspan 10-1:0.133: found no endpoint descriptor for endpoint 81 [ 1214.503148][T27260] keyspan 10-1:0.133: found no endpoint descriptor for endpoint 1 [ 1214.519388][T31207] veth1_vlan: entered promiscuous mode [ 1214.532723][T27260] keyspan 10-1:0.133: found no endpoint descriptor for endpoint 2 [ 1214.552369][T27260] usb 10-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1214.672797][T31605] loop3: detected capacity change from 0 to 512 [ 1214.693311][T31605] EXT4-fs: Ignoring removed oldalloc option [ 1214.707485][T31605] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1214.749392][T31605] EXT4-fs (loop3): 1 truncate cleaned up [ 1214.820248][T31605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1214.863357][T31605] EXT4-fs error (device loop3): mb_free_blocks:2014: group 0, inode 16: block 33:freeing already freed block (bit 32); block bitmap corrupt. [ 1214.878516][T31605] EXT4-fs (loop3): Remounting filesystem read-only [ 1214.890844][T27260] usb 10-1: USB disconnect, device number 6 [ 1214.893772][T31605] fs-verity (loop3, inode 15): Error -117 getting verity descriptor size [ 1214.975041][T27260] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1215.004352][T27260] keyspan 10-1:0.133: device disconnected [ 1215.044919][T31202] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1215.090241][T30271] IPVS: stop unused estimator thread 0... [ 1215.116711][T30271] IPVS: stop unused estimator thread 0... 
[ 1215.144162][T31207] veth0_macvtap: entered promiscuous mode [ 1215.305845][T31207] veth1_macvtap: entered promiscuous mode [ 1215.399409][T31209] veth0_vlan: entered promiscuous mode [ 1215.588773][T31207] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1215.647857][T31207] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1215.849735][T17475] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1215.900597][T17475] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1215.935404][T31209] veth1_vlan: entered promiscuous mode [ 1215.982239][ T6046] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 1215.992379][T17475] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1216.015491][T17475] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1216.162021][ T6046] usb 9-1: Using ep0 maxpacket: 16 [ 1216.193596][ T6046] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1216.228568][ T6046] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1216.261838][ T6046] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1216.287737][T31631] loop9: detected capacity change from 0 to 64 [ 1216.299901][ T6046] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1216.330782][ T6046] usb 9-1: Product: syz [ 1216.344976][ T6046] usb 9-1: Manufacturer: syz [ 1216.350751][ T6046] usb 9-1: SerialNumber: syz [ 1216.533960][T31633] loop3: detected capacity change from 0 to 512 [ 1216.566742][T31633] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 1216.638631][ T6046] usb 9-1: 0:2 : does not exist [ 1216.670405][T31633] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002] [ 1216.673501][ T6046] usb 9-1: 5:0: failed to get current value for ch 0 (-22) [ 1216.707353][T31633] EXT4-fs error (device loop3): 
ext4_iget_extra_inode:5103: inode #15: comm syz.3.10809: corrupted in-inode xattr: e_value size too large [ 1216.745860][T31633] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.10809: couldn't read orphan inode 15 (err -117) [ 1216.803149][T31633] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1216.854619][ T6046] usb 9-1: USB disconnect, device number 5 [ 1216.965415][T31202] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1216.978034][ T5866] udevd[5866]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1217.130400][T31636] bridge0: port 2(bridge_slave_1) entered disabled state [ 1217.138219][T31636] bridge0: port 1(bridge_slave_0) entered disabled state [ 1217.308566][T31636] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1217.310276][T31642] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10811'. 
[ 1217.326566][T31636] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1217.639433][T31209] veth0_macvtap: entered promiscuous mode [ 1217.754033][T31653] loop9: detected capacity change from 0 to 164 [ 1217.813394][T17465] netdevsim netdevsim9 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1217.854507][T31209] veth1_macvtap: entered promiscuous mode [ 1217.867307][ T10] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 1218.041857][T30271] netdevsim netdevsim9 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.068510][T30271] netdevsim netdevsim9 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.087435][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 50557, setting to 1024 [ 1218.115041][ T10] usb 9-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00 [ 1218.145193][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1218.164326][T30562] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1218.186996][ T10] usb 9-1: config 0 descriptor?? 
[ 1218.202636][T30562] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1218.217384][T31649] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 1218.224786][T30271] netdevsim netdevsim9 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.280227][T31209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1218.379577][T31209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1218.429269][T17465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1218.463004][T30806] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1218.490306][T17465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1218.537391][T30806] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1218.584744][T30806] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1218.736221][ T10] uclogic 0003:5543:0005.004A: unknown main item tag 0x0 [ 1218.755451][ T10] uclogic 0003:5543:0005.004A: unknown main item tag 0x0 [ 1218.772742][ T10] uclogic 0003:5543:0005.004A: hidraw0: USB HID v0.00 Device [HID 5543:0005] on usb-dummy_hcd.8-1/input0 [ 1218.781371][T30806] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1218.976904][T27260] usb 9-1: USB disconnect, device number 6 [ 1219.118008][T31669] fido_id[31669]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory [ 1219.429974][T31327] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1219.499458][T31327] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1219.550674][T31327] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1219.636843][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1219.648135][T31327] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1219.677097][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1220.058105][T31691] bridge0: port 2(bridge_slave_1) entered 
disabled state [ 1220.065921][T31691] bridge0: port 1(bridge_slave_0) entered disabled state [ 1220.250167][T31691] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1220.275945][T31691] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1220.569658][T30806] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.603027][T30806] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.614441][T30806] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.624632][T30806] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.658775][T30806] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1220.678911][T30806] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1220.866523][T31719] loop3: detected capacity change from 0 to 128 [ 1221.003328][T31724] loop9: detected capacity change from 0 to 2048 [ 1221.025831][T31327] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1221.045619][T31727] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10694'. 
[ 1221.058952][T31724] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1221.119280][T31327] 8021q: adding VLAN 0 to HW filter on device team0 [ 1221.132252][ T10] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 1221.162899][ T43] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 1221.183379][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 1221.190556][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1221.291866][T17475] bridge0: port 2(bridge_slave_1) entered blocking state [ 1221.299126][T17475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1221.305310][T31730] loop3: detected capacity change from 0 to 64 [ 1221.343648][ T10] usb 9-1: Using ep0 maxpacket: 8 [ 1221.373979][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1221.382551][ T43] usb 7-1: Using ep0 maxpacket: 16 [ 1221.421770][ T43] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1221.442466][ T10] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1221.453830][ T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1221.523005][ T43] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1221.529538][ T10] usb 9-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00 [ 1221.549216][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1221.553350][ T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1221.601488][ T10] usb 9-1: config 0 descriptor?? 
[ 1221.632953][ T43] usb 7-1: Product: syz [ 1221.637172][ T43] usb 7-1: Manufacturer: syz [ 1221.697880][ T43] usb 7-1: SerialNumber: syz [ 1221.987178][ T43] usb 7-1: 0:2 : does not exist [ 1222.020780][ T43] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 1222.096472][ T10] nti 0003:0757:0A00.004B: unknown main item tag 0x3 [ 1222.141619][ T10] nti 0003:0757:0A00.004B: unknown main item tag 0x2 [ 1222.161108][ T10] nti 0003:0757:0A00.004B: unknown main item tag 0x3 [ 1222.174652][ T43] usb 7-1: USB disconnect, device number 13 [ 1222.215398][ T10] nti 0003:0757:0A00.004B: unknown global tag 0xd [ 1222.233090][T26494] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1222.271144][ T10] nti 0003:0757:0A00.004B: item 0 0 1 13 parsing failed [ 1222.311261][ T10] nti 0003:0757:0A00.004B: probe with driver nti failed with error -22 [ 1222.318924][ T5866] udevd[5866]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1222.412862][ T10] usb 9-1: USB disconnect, device number 7 [ 1222.454678][T26494] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1222.496909][T26494] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1222.565353][T26494] usb 3-1: config 0 descriptor?? 
[ 1222.817402][T31754] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1222.824627][T26494] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1222.896411][T31327] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1223.026674][T26494] [drm:udl_init] *ERROR* Selecting channel failed [ 1223.087902][T26494] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 1223.117887][T31327] veth0_vlan: entered promiscuous mode [ 1223.159310][T26494] [drm] Initialized udl on minor 2 [ 1223.212918][T26494] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1223.229926][T31327] veth1_vlan: entered promiscuous mode [ 1223.262442][T26494] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1223.303998][ T5909] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1223.314527][T26494] usb 3-1: USB disconnect, device number 43 [ 1223.382645][ T5909] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1223.456694][T31327] veth0_macvtap: entered promiscuous mode [ 1223.540582][T31327] veth1_macvtap: entered promiscuous mode [ 1223.582029][T31772] loop6: detected capacity change from 0 to 164 [ 1223.646650][T31327] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1223.707063][T31327] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1223.829093][ T3448] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1223.852755][ T3448] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1223.861556][ T3448] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1223.997969][ T3448] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.663255][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1224.713500][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1224.852381][T30562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1224.897435][T30562] wlan1: Creating new IBSS network, BSSID 
50:50:50:50:50:50 [ 1225.428211][T31775] loop9: detected capacity change from 0 to 32768 [ 1225.516309][T31796] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 1225.623274][T31779] loop3: detected capacity change from 0 to 32768 [ 1225.931746][T31803] random: crng reseeded on system resumption [ 1226.308399][ T43] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 1226.482156][ T43] usb 3-1: Using ep0 maxpacket: 16 [ 1226.508148][ T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1226.539290][T31817] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10860'. [ 1226.548451][ T43] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1226.595929][ T43] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1226.640712][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1226.669328][ T5909] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 1226.670388][ T43] usb 3-1: Product: syz [ 1226.709752][ T43] usb 3-1: Manufacturer: syz [ 1226.726206][ T43] usb 3-1: SerialNumber: syz [ 1226.882338][ T6046] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1226.888910][ T5909] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1226.930108][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1226.973569][ T5909] usb 1-1: config 0 descriptor?? 
[ 1226.981518][ T43] usb 3-1: 0:2 : does not exist [ 1227.001119][ T5909] cp210x 1-1:0.0: cp210x converter detected [ 1227.063000][ T43] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1227.080532][ T6046] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1227.124018][ T6046] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1227.174180][ T6046] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1227.199116][ T43] usb 3-1: USB disconnect, device number 44 [ 1227.221510][ T6046] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1227.282547][T31820] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22 [ 1227.369993][ T6046] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 1227.575738][ T5866] udevd[5866]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1227.628744][T31805] loop8: detected capacity change from 0 to 32768 [ 1227.641242][ T5909] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 1227.657562][ T6046] usb 10-1: USB disconnect, device number 7 [ 1227.671796][ T5909] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 1227.744816][ T5909] usb 1-1: cp210x converter now attached to ttyUSB0 [ 1227.783975][ T5909] usb 1-1: USB disconnect, device number 47 [ 1227.803106][T31805] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 1227.829224][ T5909] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1227.837831][ T5909] cp210x 1-1:0.0: device disconnected [ 1228.285437][T30098] ocfs2: Unmounting device (7,8) on (node local) [ 1228.885061][T31863] netlink: 32 bytes leftover after parsing attributes in process `syz.6.10879'. 
[ 1228.926161][T31865] loop9: detected capacity change from 0 to 64 [ 1229.101077][T31868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10881'. [ 1229.746680][T31882] netlink: 8 bytes leftover after parsing attributes in process `syz.9.10896'. [ 1229.796650][T31875] loop6: detected capacity change from 0 to 32768 [ 1229.864778][T31875] gfs2: fsid=norecovery: Trying to join cluster "lock_nolock", "norecovery" [ 1229.875272][T31875] gfs2: fsid=norecovery: Now mounting FS (format 0)... [ 1229.896345][T31875] syz.6.10882: attempt to access beyond end of device [ 1229.896345][T31875] loop6: rw=12288, sector=18446744073709551608, nr_sectors = 8 limit=32768 [ 1229.912330][T31875] gfs2: fsid=norecovery.s: fatal: filesystem consistency error - inode = 1 19, function = gfs2_jdesc_check, file = fs/gfs2/super.c, line = 119 [ 1229.928011][T31875] gfs2: fsid=norecovery.s: G: s:SH n:2/13 f:aqob t:SH d:EX/0 a:0 v:0 r:2 m:20 p:2 [ 1229.937419][T31875] gfs2: fsid=norecovery.s: H: s:SH f:eEcH e:0 p:31875 [syz.6.10882] init_inodes+0x113b/0x2eb0 [ 1229.947910][T31875] gfs2: fsid=norecovery.s: I: n:1/19 t:8 f:0x00 d:0x00000200 s:8388608 p:0 [ 1229.957835][T31875] gfs2: fsid=norecovery.s: about to withdraw this file system [ 1229.965395][T31875] gfs2: fsid=norecovery.s: Journal recovery skipped for jid 0 until next mount. [ 1229.976066][T31875] gfs2: fsid=norecovery.s: Glock dequeues delayed: 0 [ 1229.983289][T31875] gfs2: fsid=norecovery.s: File system withdrawn [ 1229.989671][T31875] CPU: 1 UID: 0 PID: 31875 Comm: syz.6.10882 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1229.989723][T31875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1229.989747][T31875] Call Trace: [ 1229.989759][T31875] <TASK> [ 1229.989774][T31875] dump_stack_lvl+0x16c/0x1f0 [ 1229.989835][T31875] gfs2_withdraw+0xa8b/0x1130 [ 1229.989898][T31875] ? __pfx_gfs2_withdraw+0x10/0x10 [ 1229.989953][T31875] ?
srso_alias_return_thunk+0x5/0xfbef5 [ 1229.990025][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.990080][T31875] gfs2_jdesc_check+0x2b0/0x2f0 [ 1229.990145][T31875] check_journal_clean+0x13c/0x350 [ 1229.990195][T31875] ? __pfx_check_journal_clean+0x10/0x10 [ 1229.990251][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.990297][T31875] ? do_raw_spin_lock+0x12c/0x2b0 [ 1229.990336][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.990384][T31875] ? find_held_lock+0x2b/0x80 [ 1229.990435][T31875] ? init_inodes+0x113b/0x2eb0 [ 1229.990485][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.990534][T31875] ? do_raw_spin_unlock+0x172/0x230 [ 1229.990576][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.990621][T31875] ? _raw_spin_unlock+0x28/0x50 [ 1229.990672][T31875] ? gfs2_jdesc_find+0xbf/0x100 [ 1229.990733][T31875] init_inodes+0x113b/0x2eb0 [ 1229.990806][T31875] ? __pfx_init_inodes+0x10/0x10 [ 1229.990866][T31875] ? gfs2_fill_super+0x1be2/0x2d30 [ 1229.990915][T31875] ? init_sb+0xa50/0x10d0 [ 1229.990972][T31875] ? __pfx_snprintf+0x10/0x10 [ 1229.991056][T31875] ? gfs2_fill_super+0x1be2/0x2d30 [ 1229.991106][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.991152][T31875] gfs2_fill_super+0x1be2/0x2d30 [ 1229.991201][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.991267][T31875] ? __pfx_gfs2_fill_super+0x10/0x10 [ 1229.991324][T31875] ? gfs2_fill_super+0x1875/0x2d30 [ 1229.991376][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.991423][T31875] ? set_blocksize+0x406/0x500 [ 1229.991478][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.991526][T31875] ? sb_set_blocksize+0x176/0x1d0 [ 1229.991577][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.991635][T31875] get_tree_bdev_flags+0x38c/0x620 [ 1229.991695][T31875] ? __pfx_gfs2_fill_super+0x10/0x10 [ 1229.991750][T31875] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 1229.991809][T31875] ? rcu_is_watching+0x12/0xc0 [ 1229.991856][T31875] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1229.991911][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.991958][T31875] ? apparmor_capable+0x114/0x1d0 [ 1229.992028][T31875] gfs2_get_tree+0x4e/0x280 [ 1229.992083][T31875] vfs_get_tree+0x8e/0x340 [ 1229.992133][T31875] path_mount+0x1482/0x1fd0 [ 1229.992184][T31875] ? __pfx_path_mount+0x10/0x10 [ 1229.992227][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.992275][T31875] ? kmem_cache_free+0x2d1/0x4d0 [ 1229.992332][T31875] ? putname+0x154/0x1a0 [ 1229.992380][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.992428][T31875] ? putname+0x154/0x1a0 [ 1229.992475][T31875] ? __x64_sys_mount+0x28d/0x310 [ 1229.992513][T31875] __x64_sys_mount+0x28d/0x310 [ 1229.992556][T31875] ? __pfx___x64_sys_mount+0x10/0x10 [ 1229.992595][T31875] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1229.992660][T31875] do_syscall_64+0xcd/0x4c0 [ 1229.992726][T31875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1229.992766][T31875] RIP: 0033:0x7f36c159030a [ 1229.992796][T31875] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1229.992837][T31875] RSP: 002b:00007f36c23e4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1229.992874][T31875] RAX: ffffffffffffffda RBX: 00007f36c23e4ef0 RCX: 00007f36c159030a [ 1229.992900][T31875] RDX: 0000200000000400 RSI: 0000200000012500 RDI: 00007f36c23e4eb0 [ 1229.992926][T31875] RBP: 0000200000000400 R08: 00007f36c23e4ef0 R09: 0000000000200001 [ 1229.992953][T31875] R10: 0000000000200001 R11: 0000000000000246 R12: 0000200000012500 [ 1229.992979][T31875] R13: 00007f36c23e4eb0 R14: 00000000000125bb R15: 0000200000000180 [ 1229.993036][T31875] </TASK> [ 1230.382692][T31875] gfs2: fsid=norecovery.s: Error checking journal for spectator mount.
[ 1230.394153][ T5909] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 1230.637505][ T5909] usb 1-1: Using ep0 maxpacket: 16 [ 1230.648388][ T5909] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1230.740043][ T5909] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1230.862795][ T5909] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1230.918594][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1230.949722][ T5909] usb 1-1: Product: syz [ 1230.962118][ T5909] usb 1-1: Manufacturer: syz [ 1230.966764][ T5909] usb 1-1: SerialNumber: syz [ 1231.257553][ T5909] usb 1-1: 0:2 : does not exist [ 1231.318890][ T5909] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 1231.377439][T31911] loop9: detected capacity change from 0 to 128 [ 1231.428903][T31911] vfat: Unknown parameter 'ÿÿÿÿ' [ 1231.443201][ T5909] usb 1-1: USB disconnect, device number 48 [ 1231.502184][ T6046] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 1231.683315][ T5866] udevd[5866]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1231.707820][T31915] loop6: detected capacity change from 0 to 47 [ 1231.759301][ T6046] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1231.826897][ T6046] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1231.868232][ T6046] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1231.888548][ T6046] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1231.983005][T31908] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 1232.022427][ T6046] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 1232.262612][ T5909] usb 10-1: new high-speed USB device number 8 using dummy_hcd 
[ 1232.462384][ T5909] usb 10-1: Using ep0 maxpacket: 16 [ 1232.494921][ T5909] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1232.520249][T31902] loop3: detected capacity change from 0 to 32768 [ 1232.522220][ T5909] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1232.545464][ T5909] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1232.559109][ T5909] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1232.570447][ T5909] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1232.589247][T26495] usb 9-1: USB disconnect, device number 8 [ 1232.613280][ T5909] usb 10-1: config 0 descriptor?? [ 1232.667187][T31902] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1233.115946][T31202] ocfs2: Unmounting device (7,3) on (node local) [ 1233.162334][ T5909] input: HID 045e:07da as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:045E:07DA.004C/input/input65 [ 1233.322779][ T5909] microsoft 0003:045E:07DA.004C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.9-1/input0 [ 1233.408324][ T5909] usb 10-1: USB disconnect, device number 8 [ 1233.871803][T31949] fido_id[31949]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory [ 1234.484355][ T43] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 1234.674582][ T43] usb 7-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1234.729570][ T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1234.779823][ T43] usb 7-1: config 0 descriptor?? 
[ 1235.031799][ T43] udl 7-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1235.082257][ T5850] Bluetooth: hci4: command 0x0406 tx timeout [ 1235.243680][ T43] [drm:udl_init] *ERROR* Selecting channel failed [ 1235.271258][ T43] [drm] Initialized udl 0.0.1 for 7-1:0.0 on minor 2 [ 1235.289479][ T43] [drm] Initialized udl on minor 2 [ 1235.308989][ T43] udl 7-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1235.336330][ T43] udl 7-1:0.0: [drm] Cannot find any crtc or sizes [ 1235.374069][T27260] udl 7-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1235.393578][ T43] usb 7-1: USB disconnect, device number 14 [ 1235.436728][T27260] udl 7-1:0.0: [drm] Cannot find any crtc or sizes [ 1235.717463][T31960] loop8: detected capacity change from 0 to 32768 [ 1235.771551][T31960] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.10912 (31960) [ 1235.859837][T31960] BTRFS info (device loop8): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1235.890625][T31960] BTRFS info (device loop8): using crc32c (crc32c-lib) checksum algorithm [ 1235.947086][T31960] BTRFS info (device loop8): using free-space-tree [ 1236.330554][ T30] audit: type=1800 audit(2000000242.379:522): pid=31960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.10912" name="file1" dev="loop8" ino=260 res=0 errno=0 [ 1236.405437][T31960] BTRFS info (device loop8): balance: start -sconvert=raid0,soft [ 1236.438339][T31960] BTRFS info (device loop8): relocating block group 1048576 flags system [ 1236.549422][T32030] netlink: 332 bytes leftover after parsing attributes in process `syz.0.10931'. [ 1236.643675][T32033] netlink: 24 bytes leftover after parsing attributes in process `syz.6.10932'. 
[ 1236.672548][ T5909] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1236.685108][T31960] BTRFS info (device loop8): balance: ended with status: 0 [ 1236.872026][T30098] BTRFS info (device loop8): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1236.893628][ T5909] usb 3-1: Using ep0 maxpacket: 16 [ 1236.941218][ T5909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1236.982293][ T5909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1237.060896][ T5909] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1237.096814][ T5909] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1237.106609][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1237.173052][ T5909] usb 3-1: config 0 descriptor?? [ 1237.202518][T26495] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 1237.389245][T26495] usb 1-1: Using ep0 maxpacket: 16 [ 1237.427958][T26495] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1237.469319][T26495] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1237.498635][T32054] netlink: 'syz.6.10939': attribute type 62 has an invalid length. 
[ 1237.548399][T26495] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1237.601637][T26495] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1237.652131][T26495] usb 1-1: Product: syz [ 1237.692260][T26495] usb 1-1: Manufacturer: syz [ 1237.696923][T26495] usb 1-1: SerialNumber: syz [ 1237.772172][T23048] usb 10-1: new high-speed USB device number 9 using dummy_hcd [ 1237.813366][ T5909] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.004D/input/input66 [ 1237.957760][T23048] usb 10-1: Using ep0 maxpacket: 16 [ 1237.972963][ T5909] microsoft 0003:045E:07DA.004D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 1238.027490][T23048] usb 10-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 1238.053227][T23048] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1238.093798][T26495] usb 1-1: 0:2 : does not exist [ 1238.113717][T23048] usb 10-1: Product: syz [ 1238.124708][ T5909] usb 3-1: USB disconnect, device number 45 [ 1238.136010][T23048] usb 10-1: Manufacturer: syz [ 1238.140996][T26495] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 1238.171653][T23048] usb 10-1: SerialNumber: syz [ 1238.282144][T23048] usb 10-1: config 0 descriptor?? 
[ 1238.343340][T23048] ssu100 10-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 1238.352362][T26495] usb 1-1: USB disconnect, device number 49 [ 1238.447750][T32062] fido_id[32062]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 1238.598224][ T6351] udevd[6351]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1238.872345][ T43] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 1238.957772][T23048] ssu100 10-1:0.0: probe with driver ssu100 failed with error -71 [ 1239.009814][T32048] loop3: detected capacity change from 0 to 32768 [ 1239.023417][T23048] usb 10-1: USB disconnect, device number 9 [ 1239.082818][ T43] usb 9-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1239.114697][ T43] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1239.171415][T32048] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1239.175966][ T43] usb 9-1: config 0 descriptor?? [ 1239.253304][T27260] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1239.281669][T32048] (syz.3.10938,32048,1):ocfs2_read_blocks:239 ERROR: status = -12 [ 1239.336409][T32048] (syz.3.10938,32048,0):ocfs2_group_extend:326 ERROR: status = -12 [ 1239.470046][T27260] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1239.505957][ T43] udl 9-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1239.513520][T27260] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 1239.528594][T27260] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1239.582562][T27260] usb 7-1: Product: syz [ 1239.586811][T27260] usb 7-1: Manufacturer: syz [ 1239.591448][T27260] usb 7-1: SerialNumber: syz [ 1239.663379][T27260] usb 7-1: config 0 descriptor?? 
[ 1239.682855][T31202] ocfs2: Unmounting device (7,3) on (node local) [ 1239.714016][ T43] [drm:udl_init] *ERROR* Selecting channel failed [ 1239.815790][ T43] [drm] Initialized udl 0.0.1 for 9-1:0.0 on minor 2 [ 1239.882465][ T43] [drm] Initialized udl on minor 2 [ 1239.897982][T27260] usb 7-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1239.921027][ T43] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1239.943198][T27260] dvb_usb_af9035 7-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 1239.974201][ T43] udl 9-1:0.0: [drm] Cannot find any crtc or sizes [ 1239.991909][T30227] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1240.016532][T27260] usb 7-1: USB disconnect, device number 15 [ 1240.049690][T30227] udl 9-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1240.068152][ T43] usb 9-1: USB disconnect, device number 9 [ 1240.093085][T30227] udl 9-1:0.0: [drm] Cannot find any crtc or sizes [ 1240.179885][T23048] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1240.194954][T27870] Bluetooth: hci2: command 0x0405 tx timeout [ 1240.202198][ T5909] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 1240.386345][T23048] usb 4-1: Using ep0 maxpacket: 32 [ 1240.403923][ T5909] usb 10-1: Using ep0 maxpacket: 32 [ 1240.413224][T23048] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1240.458927][T23048] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1240.471631][ T5909] usb 10-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7 [ 1240.491662][ T5909] usb 10-1: New USB device strings: Mfr=249, Product=255, SerialNumber=3 [ 1240.512203][T23048] usb 4-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.00 [ 1240.522008][ T5909] usb 10-1: Product: syz [ 1240.526337][ T5909] usb 10-1: Manufacturer: syz [ 1240.531030][ T5909] usb 10-1: SerialNumber: syz [ 
1240.538836][T23048] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1240.563466][T23048] usb 4-1: config 0 descriptor?? [ 1240.578252][ T5909] usb 10-1: config 0 descriptor?? [ 1240.849221][ T5909] usb 10-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2120) Rev (0X2A7): Eagle II [ 1241.041883][T23048] asus 0003:0B05:1866.004E: item fetching failed at offset 3/5 [ 1241.092982][T23048] asus 0003:0B05:1866.004E: Asus hid parse failed: -22 [ 1241.115876][T23048] asus 0003:0B05:1866.004E: probe with driver asus failed with error -22 [ 1241.135414][T32122] loop8: detected capacity change from 0 to 512 [ 1241.245320][T32122] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1241.301628][T32122] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1241.342954][ T10] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 1241.352183][ T5909] usb 10-1: reset high-speed USB device number 10 using dummy_hcd [ 1241.392794][T26495] usb 4-1: USB disconnect, device number 24 [ 1241.548385][T30098] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1241.549682][ T10] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1241.621256][ T10] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1241.672430][ T10] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1241.709773][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1241.752640][T32123] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1241.784088][ T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1241.807132][ T5909] usb 10-1: [UEAGLE-ATM] interface 1 not found [ 1241.815380][ T5909] ueagle-atm 10-1:0.0: usbatm_usb_probe: bind failed: -19! 
[ 1241.865228][ T5909] usb 10-1: USB disconnect, device number 10 [ 1242.171457][T32115] loop6: detected capacity change from 0 to 32768 [ 1242.387697][T32115] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode. [ 1242.448262][ T43] usb 3-1: USB disconnect, device number 46 [ 1242.820723][T31207] ocfs2: Unmounting device (7,6) on (node local) [ 1243.123925][T32155] netlink: 'syz.6.10970': attribute type 1 has an invalid length. [ 1243.172281][T32155] netlink: 236 bytes leftover after parsing attributes in process `syz.6.10970'. [ 1243.742946][ T5909] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1243.842221][T23048] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 1243.949228][T32177] loop6: detected capacity change from 0 to 2048 [ 1243.957062][T32180] netlink: 60 bytes leftover after parsing attributes in process `syz.8.10978'. [ 1243.975025][ T5909] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1244.001617][ T5909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1244.031401][T23048] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1244.072153][ T5909] usb 4-1: config 0 descriptor?? [ 1244.087393][T23048] usb 10-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a [ 1244.117717][T32183] NILFS (loop6): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 1244.132542][T23048] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1244.175646][T23048] usb 10-1: Product: syz [ 1244.180024][T23048] usb 10-1: Manufacturer: syz [ 1244.212097][T23048] usb 10-1: SerialNumber: syz [ 1244.215105][ T30] audit: type=1800 audit(2000000250.269:523): pid=32177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.10977" name="file2" dev="loop6" ino=16 res=0 errno=0 [ 1244.233037][T23048] usb 10-1: config 0 descriptor?? [ 1244.351036][ T5909] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1244.412131][T27260] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1244.485937][T23048] usb 10-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1244.522950][T32177] NILFS (loop6): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 1244.524823][T23048] dvb_usb_af9035 10-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 1244.569929][ T5909] [drm:udl_init] *ERROR* Selecting channel failed [ 1244.601863][T23048] usb 10-1: USB disconnect, device number 11 [ 1244.602131][T27260] usb 3-1: Using ep0 maxpacket: 32 [ 1244.614475][T32177] NILFS error (device loop6): nilfs_bmap_propagate: broken bmap (inode number=16) [ 1244.667376][ T5909] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 1244.692017][T27260] usb 3-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7 [ 1244.692513][ T5909] [drm] Initialized udl on minor 2 [ 1244.701382][T27260] usb 3-1: New USB device strings: Mfr=249, Product=255, SerialNumber=3 [ 1244.736104][T32177] Remounting filesystem read-only [ 1244.745547][ T5909] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1244.767778][T27260] usb 3-1: Product: syz [ 1244.772405][T27260] usb 3-1: Manufacturer: syz [ 1244.777198][T27260] usb 3-1: SerialNumber: syz [ 1244.784373][ T5909] udl 4-1:0.0: [drm] 
Cannot find any crtc or sizes [ 1244.791960][ T10] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1244.818175][ T10] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 1244.835700][T27260] usb 3-1: config 0 descriptor?? [ 1244.837520][ T5909] usb 4-1: USB disconnect, device number 25 [ 1244.872264][T31207] NILFS (loop6): disposed unprocessed dirty file(s) when stopping log writer [ 1245.015786][ T10] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 1245.090458][T27260] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2120) Rev (0X2A7): Eagle II [ 1245.212165][ T10] usb 9-1: Using ep0 maxpacket: 16 [ 1245.243707][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1245.274514][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1245.328650][ T10] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1245.384376][ T10] usb 9-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1245.409737][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1245.449591][ T10] usb 9-1: config 0 descriptor?? [ 1245.742143][T27260] usb 3-1: reset high-speed USB device number 47 using dummy_hcd [ 1246.033420][T32217] loop3: detected capacity change from 0 to 64 [ 1246.043049][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:045E:07DA.004F/input/input67 [ 1246.184967][T27260] usb 3-1: [UEAGLE-ATM] interface 1 not found [ 1246.194252][ T10] microsoft 0003:045E:07DA.004F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.8-1/input0 [ 1246.223568][T27260] ueagle-atm 3-1:0.0: usbatm_usb_probe: bind failed: -19! 
[ 1246.293962][T27260] usb 3-1: USB disconnect, device number 47 [ 1246.322979][ T10] usb 9-1: USB disconnect, device number 10 [ 1246.575812][T32225] netlink: 'syz.3.10993': attribute type 1 has an invalid length. [ 1246.622178][T32225] netlink: 236 bytes leftover after parsing attributes in process `syz.3.10993'. [ 1246.935397][T32227] fido_id[32227]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory [ 1247.427363][T32250] netlink: 802 bytes leftover after parsing attributes in process `syz.3.11001'. [ 1247.431671][T32249] loop8: detected capacity change from 0 to 8 [ 1247.470602][T32252] loop6: detected capacity change from 0 to 256 [ 1247.504113][T32252] exfat: Deprecated parameter 'utf8' [ 1247.517523][T32249] cramfs: Error -3 while decompressing! [ 1247.526621][ T5866] udevd[5866]: incorrect cramfs checksum on /dev/loop8 [ 1247.541440][T32249] cramfs: ffffffff9aee0c28(26)->ffff88806ae71000(4096) [ 1247.599479][T32249] cramfs: Error -3 while decompressing! [ 1247.617172][T32252] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 1247.624167][T32249] cramfs: ffffffff9aee0c42(2074)->ffff88804de10000(4096) [ 1247.662283][ T5909] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 1247.677515][T32249] cramfs: bad data blocksize 4294965264 [ 1247.712881][T32249] cramfs: Error -3 while decompressing! [ 1247.752452][T32249] cramfs: ffffffff9aee0c28(26)->ffff88806ae71000(4096) [ 1247.886268][ T5909] usb 10-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1247.896711][ T5909] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1247.922607][ T5909] usb 10-1: config 0 descriptor?? 
[ 1248.163574][ T5909] udl 10-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1248.227710][T32271] loop6: detected capacity change from 0 to 64 [ 1248.235183][T32270] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11011'. [ 1248.292144][T27260] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 1248.359941][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1248.369786][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1248.376277][ T5909] [drm:udl_init] *ERROR* Selecting channel failed [ 1248.419590][ T5909] [drm] Initialized udl 0.0.1 for 10-1:0.0 on minor 2 [ 1248.448210][ T5909] [drm] Initialized udl on minor 2 [ 1248.462714][ T5909] udl 10-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1248.487097][ T5909] udl 10-1:0.0: [drm] Cannot find any crtc or sizes [ 1248.498538][T26495] udl 10-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1248.513809][T27260] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1248.537875][T26495] udl 10-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1248.558536][ T5909] usb 10-1: USB disconnect, device number 12 [ 1248.592846][T27260] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1248.605686][T26495] udl 10-1:0.0: [drm] Cannot find any crtc or sizes [ 1248.632156][T27260] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1248.677158][T32280] loop8: detected capacity change from 0 to 256 [ 1248.679712][T27260] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1248.737332][T32280] exfat: Deprecated parameter 'utf8' [ 1248.761470][T32279] loop3: detected capacity change from 0 to 2048 [ 1248.763426][T32265] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1248.802951][T32280] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 
1248.821459][T27260] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1248.902802][T32286] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1249.028511][ T30] audit: type=1800 audit(2000000255.059:524): pid=32279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.11012" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 1249.112543][T30227] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 1249.122822][ T43] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1249.151712][T32279] NILFS (loop3): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 1249.242281][T32279] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=16) [ 1249.292833][T32279] Remounting filesystem read-only [ 1249.307329][T27260] usb 1-1: USB disconnect, device number 50 [ 1249.313579][T30227] usb 7-1: Using ep0 maxpacket: 32 [ 1249.334771][ T43] usb 3-1: config 27 interface 0 altsetting 0 has an endpoint descriptor with address 0x15, changing to 0x5 [ 1249.372349][T30227] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1249.398676][ T43] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1249.429622][T30227] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1249.464490][ T43] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1249.484960][T30227] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 1249.507293][ T43] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1249.523708][T30227] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1249.541651][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1249.586558][T30227] usb 7-1: config 0 descriptor?? 
[ 1249.639867][T31202] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer [ 1249.686741][T32284] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1249.721776][ T43] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1249.784394][ T43] usb 3-1: invalid MIDI in EP 0 [ 1250.059949][ T43] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 1250.159528][ T5858] udevd[5858]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1250.184840][T30227] lua 0003:1E7D:2C2E.0050: item fetching failed at offset 5/7 [ 1250.217469][ T43] usb 3-1: USB disconnect, device number 48 [ 1250.226872][T30227] lua 0003:1E7D:2C2E.0050: parse failed [ 1250.254054][T30227] lua 0003:1E7D:2C2E.0050: probe with driver lua failed with error -22 [ 1250.353399][T30227] usb 7-1: USB disconnect, device number 16 [ 1250.827006][ T43] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 1251.032136][ T43] usb 10-1: Using ep0 maxpacket: 8 [ 1251.059896][ T43] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 1251.092521][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1251.119075][T32331] loop3: detected capacity change from 0 to 256 [ 1251.133246][ T43] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1251.167051][T32333] netlink: 'syz.2.11034': attribute type 1 has an invalid length. [ 1251.186910][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1251.204597][T32333] netlink: 216 bytes leftover after parsing attributes in process `syz.2.11034'. 
[ 1251.249318][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1251.286376][T23048] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 1251.287316][ T43] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 1251.324353][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1251.387102][ T43] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1251.422617][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1251.453405][T32340] netlink: 'syz.8.11037': attribute type 1 has an invalid length. [ 1251.502227][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1251.504482][T23048] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1251.561487][ T43] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 1251.586468][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1251.596353][T23048] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1251.647473][ T43] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1251.670841][T23048] usb 1-1: config 0 descriptor?? 
[ 1251.688871][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1251.724426][ T43] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1251.755757][ T43] usb 10-1: string descriptor 0 read error: -22 [ 1251.772219][ T43] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1251.832169][T26495] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1251.847985][ T43] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1251.899206][ T43] adutux 10-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1251.922177][ T5909] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 1251.931456][T23048] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1252.006891][T26495] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1252.022141][T26495] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1252.053122][T26495] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1252.067816][T26495] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1252.119827][T32342] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1252.128460][ T5909] usb 7-1: Using ep0 maxpacket: 16 [ 1252.137985][T23048] [drm:udl_init] *ERROR* Selecting channel failed [ 1252.159193][ T5909] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1252.182382][T26495] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1252.215565][T23048] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 1252.222449][ T5909] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1252.260462][ T5909] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 
1252.283375][T23048] [drm] Initialized udl on minor 2 [ 1252.300153][T23048] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1252.313393][ T10] usb 10-1: USB disconnect, device number 13 [ 1252.346169][ T5909] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1252.358797][T23048] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1252.374041][T26494] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1252.407132][ T5909] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1252.436264][T26494] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1252.489143][T26494] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1252.498546][T23048] usb 1-1: USB disconnect, device number 51 [ 1252.535208][ T5909] usb 7-1: config 0 descriptor?? [ 1252.653584][T26495] usb 4-1: USB disconnect, device number 26 [ 1253.147676][ T5909] input: HID 045e:07da as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:045E:07DA.0051/input/input68 [ 1253.195149][T32376] loop9: detected capacity change from 0 to 256 [ 1253.231447][T32376] exfat: Deprecated parameter 'utf8' [ 1253.276110][T32376] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 1253.306197][ T5909] microsoft 0003:045E:07DA.0051: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0 [ 1253.432506][ T5909] usb 7-1: USB disconnect, device number 17 [ 1253.622213][T23048] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 1253.806058][T32382] fido_id[32382]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 1253.830974][T23048] usb 9-1: Using ep0 maxpacket: 32 [ 1253.863416][T23048] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1253.922199][T23048] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has 
invalid wMaxPacketSize 0 [ 1253.932909][T32394] loop9: detected capacity change from 0 to 128 [ 1253.969560][T23048] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 1254.004711][T23048] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1254.015162][T32394] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 1254.070379][T23048] usb 9-1: config 0 descriptor?? [ 1254.101770][T32394] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1254.569099][T23048] lua 0003:1E7D:2C2E.0052: item fetching failed at offset 5/7 [ 1254.620824][T23048] lua 0003:1E7D:2C2E.0052: parse failed [ 1254.648133][T23048] lua 0003:1E7D:2C2E.0052: probe with driver lua failed with error -22 [ 1254.821669][T32360] usb 9-1: USB disconnect, device number 11 [ 1254.912716][ T43] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 1255.003279][T23048] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1255.072360][ T43] usb 7-1: Using ep0 maxpacket: 8 [ 1255.080187][ T43] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 1255.090537][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1255.116747][ T43] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1255.124532][T32385] loop3: detected capacity change from 0 to 32768 [ 1255.147989][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1255.199537][T23048] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1255.201630][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1255.212081][T23048] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1255.253655][T23048] usb 3-1: config 0 descriptor?? 
[ 1255.300461][T32385] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1255.348831][ T43] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 1255.366277][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1255.397700][ T43] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1255.416658][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1255.429424][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1255.488272][ T43] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 1255.506661][T23048] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 1255.510780][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1255.556407][ T43] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1255.599495][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1255.628884][ T43] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1255.635743][T32435] loop8: detected capacity change from 0 to 512 [ 1255.688527][T32435] EXT4-fs: Ignoring removed orlov option [ 1255.708976][T23048] [drm:udl_init] *ERROR* Selecting channel failed [ 1255.710079][ T43] usb 7-1: string descriptor 0 read error: -22 [ 1255.745739][T32435] EXT4-fs (loop8): mounting ext3 file system using the ext4 subsystem [ 1255.770006][ T43] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1255.791470][ T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1255.821351][T32385] XFS (loop3): Ending clean mount [ 1255.823023][ T43] adutux 7-1:168.0: ADU100 now attached to 
/dev/usb/adutux0 [ 1255.828448][T32435] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 1255.873987][T23048] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 1255.929729][T32435] EXT4-fs error (device loop8): ext4_iget_extra_inode:5103: inode #15: comm syz.8.11067: corrupted in-inode xattr: e_value size too large [ 1255.942098][T23048] [drm] Initialized udl on minor 2 [ 1255.980280][T32385] XFS (loop3): Quotacheck needed: Please wait. [ 1255.997620][T32435] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.11067: couldn't read orphan inode 15 (err -117) [ 1256.034558][T23048] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1256.061853][T32435] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1256.071265][T23048] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1256.082695][T26495] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1256.137575][T26495] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1256.155749][T23048] usb 3-1: USB disconnect, device number 49 [ 1256.183267][T26495] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 1256.218234][T32385] XFS (loop3): Quotacheck: Done. [ 1256.374824][ T43] usb 7-1: USB disconnect, device number 18 [ 1256.497798][T31202] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1256.591449][T30098] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1256.740583][T32453] loop9: detected capacity change from 0 to 512 [ 1256.774426][T32453] EXT4-fs: Ignoring removed oldalloc option [ 1256.831161][T32453] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 1257.056485][T32453] EXT4-fs (loop9): 1 truncate cleaned up [ 1257.094330][T32453] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 1257.262954][T32453] EXT4-fs error (device loop9): mb_free_blocks:2014: group 0, inode 16: block 33:freeing already freed block (bit 32); block bitmap corrupt. [ 1257.295254][T32466] EXT4-fs error (device loop9): ext4_get_verity_descriptor_location:298: inode #15: comm syz.9.11071: verity file has no extents [ 1257.362739][T32466] EXT4-fs (loop9): Remounting filesystem read-only [ 1257.369405][T32466] fs-verity (loop9, inode 15): Error -117 getting verity descriptor size [ 1257.531176][T32472] loop8: detected capacity change from 0 to 2048 [ 1257.590002][T30150] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1257.714853][T32480] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1257.857501][ T30] audit: type=1800 audit(2000000263.889:525): pid=32472 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.11078" name="file2" dev="loop8" ino=16 res=0 errno=0 [ 1257.936865][T32472] NILFS (loop8): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 1257.980962][T32472] NILFS error (device loop8): nilfs_bmap_propagate: broken bmap (inode number=16) [ 1258.096977][T32472] Remounting filesystem read-only [ 1258.155457][T26495] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1258.287372][T30098] NILFS (loop8): disposed unprocessed dirty file(s) when stopping log writer [ 1258.378206][T26495] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1258.408482][T26495] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1258.462348][T26495] usb 7-1: Product: syz [ 1258.472806][T26495] usb 7-1: Manufacturer: syz [ 1258.487757][T26495] usb 7-1: SerialNumber: syz [ 1258.516801][T26495] usb 7-1: config 0 descriptor?? [ 1258.846306][T32511] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11092'. 
[ 1258.855972][T32360] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 1258.893721][ T43] usb 7-1: USB disconnect, device number 19 [ 1259.032193][T32360] usb 9-1: Using ep0 maxpacket: 8 [ 1259.080727][T32360] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 1259.100736][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1259.122082][T32360] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1259.144945][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1259.172895][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1259.203693][T32360] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 1259.231442][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1259.251535][T32360] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1259.282171][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1259.306320][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1259.343939][T32360] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 1259.362070][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1259.394649][T32360] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1259.428004][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1259.455744][T32360] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1259.486918][T32360] usb 
9-1: string descriptor 0 read error: -22 [ 1259.502539][T32360] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1259.531994][T32360] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1259.559051][T32360] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1259.697321][T32502] loop9: detected capacity change from 0 to 32768 [ 1259.739260][T32502] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.11089 (32502) [ 1259.802320][T32502] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1259.849984][T32502] BTRFS info (device loop9): using crc32c (crc32c-lib) checksum algorithm [ 1259.906175][T32502] BTRFS info (device loop9): using free-space-tree [ 1259.914425][T32519] [U] [ 1259.917185][T32519] [U] [ 1259.919925][T32519] [U] [ 1259.922657][T32519] [U] [ 1259.925401][T32519] [U] [ 1259.928137][T32519] [U] [ 1259.930872][T32519] [U] [ 1259.933609][T32519] [U] [ 1259.979729][T32519] [U] [ 1259.982515][T32519] [U] [ 1259.985254][T32519] [U] [ 1260.007292][T32518] [U] [ 1260.025744][T23048] usb 9-1: USB disconnect, device number 12 [ 1260.222213][T26495] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 1260.292423][ T30] audit: type=1800 audit(2000000266.339:526): pid=32502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.11089" name="file1" dev="loop9" ino=260 res=0 errno=0 [ 1260.392947][T32502] BTRFS info (device loop9): balance: start -sconvert=raid0,soft [ 1260.425880][T26495] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1260.436503][T32502] BTRFS info (device loop9): relocating block group 1048576 flags system [ 1260.485047][T26495] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1260.547783][T26495] usb 7-1: New USB device found, idVendor=0582, 
idProduct=0014, bcdDevice=bb.9d [ 1260.623826][T26495] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1260.658465][T32523] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1260.711484][T26495] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 1260.769115][T32502] BTRFS info (device loop9): balance: ended with status: 0 [ 1261.149615][T26495] usb 7-1: USB disconnect, device number 20 [ 1261.182666][T30150] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1261.351818][T32566] loop3: detected capacity change from 0 to 1024 [ 1261.464372][T32566] hfsplus: invalid xattr key length: 0 [ 1261.970687][ T5850] Bluetooth: hci0: SCO packet too small [ 1262.735332][T32601] loop9: detected capacity change from 0 to 256 [ 1262.758810][T32600] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11119'. [ 1262.774060][T32601] exfat: Deprecated parameter 'utf8' [ 1262.817000][T32601] exfat: Deprecated parameter 'namecase' [ 1262.935883][T32601] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 1263.276239][T32611] loop3: detected capacity change from 0 to 4096 [ 1263.372964][T23048] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1263.384017][T32611] NILFS (loop3): invalid segment: Checksum error in segment payload [ 1263.433871][T32611] NILFS (loop3): trying rollback from an earlier position [ 1263.566327][T32611] NILFS (loop3): recovery complete [ 1263.585871][T23048] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1263.601309][T23048] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 1263.610701][T23048] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 1263.621676][T23048] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1263.621728][T32621] NILFS (loop3): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 1263.673331][T23048] usb 3-1: config 0 descriptor?? [ 1264.069893][T32581] loop6: detected capacity change from 0 to 32768 [ 1264.148218][T32581] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.11113 (32581) [ 1264.208022][T23048] Bluetooth: Can't get state to change to load configuration err [ 1264.247989][T23048] Bluetooth: Loading sysconfig file failed [ 1264.303421][T23048] ath3k 3-1:0.0: probe with driver ath3k failed with error -16 [ 1264.343174][T23048] usb 3-1: USB disconnect, device number 50 [ 1264.399061][T32581] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1264.492226][T32581] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm [ 1264.775312][T32660] loop8: detected capacity change from 0 to 8 [ 1264.992530][T32581] BTRFS info (device loop6): rebuilding free space tree [ 1265.057478][T32660] SQUASHFS error: xz decompression failed, data probably corrupt [ 1265.103741][T32581] BTRFS info (device loop6): disabling free space tree [ 1265.110838][T32581] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1265.132251][T32660] SQUASHFS error: Failed to read block 0xa8: -5 [ 1265.146609][T32581] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1265.148997][T32665] netlink: 'syz.9.11139': attribute type 1 has an invalid length. [ 1265.192169][T32665] netlink: 208 bytes leftover after parsing attributes in process `syz.9.11139'. [ 1265.217665][T32660] SQUASHFS error: xz decompression failed, data probably corrupt [ 1265.261918][T32665] netlink: 'syz.9.11139': attribute type 1 has an invalid length. [ 1265.285655][T32672] loop3: detected capacity change from 0 to 64 [ 1265.307872][T32665] netlink: 'syz.9.11139': attribute type 2 has an invalid length. 
[ 1265.325571][T32660] SQUASHFS error: Failed to read block 0xa8: -5 [ 1265.388225][ T30] audit: type=1800 audit(2000000271.439:527): pid=32660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.11136" name="file0" dev="loop8" ino=3 res=0 errno=0 [ 1265.655601][T31207] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1266.087793][T32685] loop8: detected capacity change from 0 to 512 [ 1266.310573][T32685] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1266.338668][T32685] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1266.573977][T32685] EXT4-fs (loop8): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 1266.712167][T23048] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1266.941227][T23048] usb 4-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 1266.967234][T23048] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1266.969729][T30098] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1267.007480][T23048] usb 4-1: Product: syz [ 1267.011698][T23048] usb 4-1: Manufacturer: syz [ 1267.065008][T23048] usb 4-1: SerialNumber: syz [ 1267.106540][T23048] usb 4-1: config 0 descriptor?? 
[ 1267.565783][T32723] loop6: detected capacity change from 0 to 4096 [ 1267.727666][T23048] usb 4-1: f81604_read: reg: 105 failed: -EPROTO [ 1267.747892][T23048] f81604 4-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 1267.799996][T23048] f81604 4-1:0.0: probe with driver f81604 failed with error -71 [ 1267.860305][T23048] usb 4-1: USB disconnect, device number 27 [ 1268.272976][T32360] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 1268.428745][T32360] usb 1-1: Using ep0 maxpacket: 16 [ 1268.442687][T32747] loop9: detected capacity change from 0 to 4096 [ 1268.492594][T32360] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1268.528032][T32360] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1268.575741][T32756] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1268.601451][T32360] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1268.652616][T32360] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1268.692920][T32360] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1268.794508][T32360] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1268.826063][T32360] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1268.898142][T32360] usb 1-1: Manufacturer: syz [ 1268.923304][T32360] usb 1-1: config 0 descriptor?? [ 1269.148773][ T302] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11178'. 
[ 1269.523034][T32360] rc_core: IR keymap rc-hauppauge not found [ 1269.541020][T32360] Registered IR keymap rc-empty [ 1269.561465][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1269.616288][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1269.670333][ T316] loop8: detected capacity change from 0 to 2048 [ 1269.684298][T32360] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 1269.738849][ T316] UDF-fs: error (device loop8): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1269.794077][T32360] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input69 [ 1269.808434][ T316] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1269.857972][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1269.916484][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1269.974089][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1270.035583][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1270.082282][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1270.142850][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1270.177106][ T334] loop6: detected capacity change from 0 to 1024 [ 1270.184579][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1270.192688][T30227] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 1270.224818][ T332] mkiss: ax0: crc mode is auto. 
[ 1270.243062][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1270.284971][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1270.333090][T32360] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 1270.343699][ T334] hfsplus: bad catalog entry type [ 1270.386262][T32360] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1270.392664][T30227] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1270.430331][T32360] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1270.483447][T30227] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1270.508008][T32360] usb 1-1: USB disconnect, device number 52 [ 1270.544942][T30227] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1270.561268][T30562] hfsplus: b-tree write err: -5, ino 4 [ 1270.576403][T30227] usb 10-1: Product: syz [ 1270.590914][T30227] usb 10-1: Manufacturer: syz [ 1270.618701][T30227] usb 10-1: SerialNumber: syz [ 1270.670166][T30227] usb 10-1: config 0 descriptor?? [ 1270.919242][T30227] snd-usb-audio 10-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1270.980808][ T347] netlink: 80 bytes leftover after parsing attributes in process `syz.8.11192'. [ 1271.004779][T30227] usb 10-1: USB disconnect, device number 14 [ 1271.041700][ T347] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11192'. 
[ 1271.111667][ T6351] udevd[6351]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1271.465870][ T359] loop3: detected capacity change from 0 to 164 [ 1271.865995][ T368] loop9: detected capacity change from 0 to 64 [ 1272.573623][ T43] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1272.813086][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 1272.852383][ T43] usb 4-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1272.893704][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1272.924570][ T43] usb 4-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 1272.962198][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1273.013420][ T43] usb 4-1: config 0 descriptor?? [ 1273.470045][ T409] pimreg2: entered allmulticast mode [ 1273.483521][ T43] elecom 0003:056E:00FB.0053: hidraw0: USB HID vd7.68 Device [HID 056e:00fb] on usb-dummy_hcd.3-1/input0 [ 1273.751850][T32360] usb 4-1: USB disconnect, device number 28 [ 1273.867316][ T416] loop8: detected capacity change from 0 to 1024 [ 1273.888348][ T412] fido_id[412]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1273.976380][ T416] hfsplus: bad catalog entry type [ 1274.156597][ T423] netlink: 24 bytes leftover after parsing attributes in process `syz.9.11223'. [ 1274.182730][T17475] hfsplus: b-tree write err: -5, ino 4 [ 1274.568999][ T431] netlink: 20 bytes leftover after parsing attributes in process `syz.9.11227'. [ 1274.906187][ T443] netlink: 56 bytes leftover after parsing attributes in process `syz.9.11233'. [ 1274.967186][ T445] loop3: detected capacity change from 0 to 128 [ 1275.054553][ T445] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! 
[ 1275.145552][ T445] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 1275.500375][ T453] loop8: detected capacity change from 0 to 2048 [ 1275.612693][ T6904] loop8: p1 < > p4 [ 1275.628289][ T6904] loop8: p4 size 8388608 extends beyond EOD, truncated [ 1275.961579][ T453] loop8: p1 < > p4 [ 1276.011432][ T453] loop8: p4 size 8388608 extends beyond EOD, truncated [ 1276.169986][ T476] fuse: Invalid rootmode [ 1276.196868][ T30] audit: type=1326 audit(2000000282.239:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=475 comm="syz.3.11249" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb3c038eb69 code=0x0 [ 1276.527227][ T486] loop6: detected capacity change from 0 to 8 [ 1276.668696][ T492] Bluetooth: MGMT ver 1.23 [ 1276.936574][ T494] netlink: 'syz.0.11257': attribute type 58 has an invalid length. [ 1276.959112][ T497] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1277.009438][ T494] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11257'. [ 1277.854266][ T520] : entered promiscuous mode [ 1278.052505][ T528] loop8: detected capacity change from 0 to 1024 [ 1278.060006][ T528] EXT4-fs: inline encryption not supported [ 1278.092694][ T528] EXT4-fs: Ignoring removed i_version option [ 1278.137020][ T526] loop3: detected capacity change from 0 to 4096 [ 1278.185881][ T528] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1278.223175][ T526] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 1278.304380][ T528] EXT4-fs error (device loop8): mb_free_blocks:2014: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. 
[ 1278.332939][ T528] EXT4-fs (loop8): Remounting filesystem read-only [ 1278.412413][ T526] ntfs3(loop3): ino=1a, mi_enum_attr [ 1278.417772][ T526] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 1278.609091][T30098] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1278.986044][ T556] sp0: Synchronizing with TNC [ 1279.287521][ T5850] Bluetooth: hci1: Malformed Event: 0x02 [ 1279.402074][ T5850] Bluetooth: hci2: command 0x0405 tx timeout [ 1279.684227][T27260] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 1279.718651][ T573] loop9: detected capacity change from 0 to 8192 [ 1279.782775][T30227] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 1279.786135][ T573] FAT-fs (loop9): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1279.874182][T27260] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1279.892093][T27260] usb 9-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 1279.933555][T27260] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1279.957022][ T30] audit: type=1326 audit(2000000286.009:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=586 comm="syz.0.11300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ee358eb69 code=0x7ffc0000 [ 1279.998506][T30227] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1280.018505][T27260] usb 9-1: config 0 descriptor?? 
[ 1280.042239][T30227] usb 4-1: config 0 has no interface number 0 [ 1280.070678][T30227] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1280.094381][ T30] audit: type=1326 audit(2000000286.049:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=586 comm="syz.0.11300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ee358eb69 code=0x7ffc0000 [ 1280.125098][T30227] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1280.190412][ T30] audit: type=1326 audit(2000000286.069:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=586 comm="syz.0.11300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f6ee358eb69 code=0x7ffc0000 [ 1280.195537][T30227] usb 4-1: config 0 descriptor?? [ 1280.306078][ T30] audit: type=1326 audit(2000000286.069:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=586 comm="syz.0.11300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ee358eb69 code=0x7ffc0000 [ 1280.332843][T30227] usb 4-1: selecting invalid altsetting 1 [ 1280.338809][T30227] dvb_ttusb_budget: ttusb_init_controller: error [ 1280.379954][T30227] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1280.420116][ T30] audit: type=1326 audit(2000000286.069:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=586 comm="syz.0.11300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ee358eb69 code=0x7ffc0000 [ 1280.477072][T27260] hid (null): invalid report_size -1431966552 [ 1280.521412][T27260] logitech-djreceiver 0003:046D:C71F.0054: invalid report_size -1431966552 [ 1280.542163][ T30] audit: type=1326 audit(2000000286.069:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=586 comm="syz.0.11300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7f6ee358eb69 code=0x7ffc0000 [ 1280.582690][T27260] logitech-djreceiver 
0003:046D:C71F.0054: item 0 4 1 7 parsing failed [ 1280.601201][T27260] logitech-djreceiver 0003:046D:C71F.0054: logi_dj_probe: parse failed [ 1280.633364][T27260] logitech-djreceiver 0003:046D:C71F.0054: probe with driver logitech-djreceiver failed with error -22 [ 1280.672267][ T30] audit: type=1326 audit(2000000286.069:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=586 comm="syz.0.11300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ee358eb69 code=0x7ffc0000 [ 1280.714158][T27260] usb 9-1: USB disconnect, device number 13 [ 1280.786488][ T30] audit: type=1326 audit(2000000286.069:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=586 comm="syz.0.11300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ee358eb69 code=0x7ffc0000 [ 1280.822182][T30227] DVB: Unable to find symbol cx22700_attach() [ 1281.075150][ T610] loop6: detected capacity change from 0 to 1024 [ 1281.355700][ T30] audit: type=1326 audit(2000000286.249:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=588 comm="syz.9.11301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0898eb69 code=0x7ffc0000 [ 1281.492166][ T30] audit: type=1326 audit(2000000286.269:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=588 comm="syz.9.11301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0898eb69 code=0x7ffc0000 [ 1281.592220][ T30] audit: type=1326 audit(2000000286.269:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=588 comm="syz.9.11301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f2c0898eb69 code=0x7ffc0000 [ 1281.593940][ T610] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 1281.616187][ T30] audit: type=1326 audit(2000000286.269:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=588 comm="syz.9.11301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0898eb69 code=0x7ffc0000 [ 1281.651129][ T30] audit: type=1326 audit(2000000286.269:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=588 comm="syz.9.11301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0898eb69 code=0x7ffc0000 [ 1281.673921][ T30] audit: type=1326 audit(2000000286.269:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=588 comm="syz.9.11301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f2c0898eb69 code=0x7ffc0000 [ 1281.741740][ T30] audit: type=1326 audit(1280.197:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=588 comm="syz.9.11301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0898eb69 code=0x7ffc0000 [ 1281.765103][ T625] ieee802154 phy0 wpan0: encryption failed: -126 [ 1281.822559][T30227] DVB: Unable to find symbol tda10046_attach() [ 1281.842072][T30227] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1281.877643][ T30] audit: type=1326 audit(1280.197:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=588 comm="syz.9.11301" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c0898eb69 code=0x7ffc0000 [ 1281.903272][T30227] usb 4-1: USB disconnect, device number 29 [ 1281.946578][T31207] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 1282.266368][T30227] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1282.454793][T30227] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 1282.472460][T30227] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1282.500649][T30227] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1282.534415][T30227] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1282.561768][T30227] usb 4-1: Manufacturer: syz [ 1282.618011][T30227] usb 4-1: config 0 descriptor?? [ 1282.840745][ T652] loop9: detected capacity change from 0 to 1024 [ 1282.893061][T30227] rc_core: IR keymap rc-hauppauge not found [ 1282.899013][T30227] Registered IR keymap rc-empty [ 1282.943340][T30227] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 1282.971503][T30227] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input70 [ 1283.197167][ T59] hfsplus: b-tree write err: -5, ino 4 [ 1283.586526][ T43] usb 4-1: USB disconnect, device number 30 [ 1283.750586][ T669] loop8: detected capacity change from 0 to 2048 [ 1283.791142][ T669] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1283.893646][ T674] NILFS (loop8): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 1284.068801][ T676] usb usb1: check_ctrlrecip: process 676 (syz.6.11340) requesting ep 01 but needs 81 [ 1284.116168][ T676] usb usb1: usbfs: process 676 (syz.6.11340) did not claim interface 0 before use [ 1284.397278][ T682] loop3: detected capacity change from 0 to 256 [ 1284.462639][ T682] exfat: Deprecated parameter 'namecase' [ 1284.509981][ T682] exfat: Deprecated parameter 'namecase' [ 1284.639400][ T682] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 1284.820834][ T695] loop9: detected capacity change from 0 to 64 [ 1284.930613][ T695] Trying to free block not in datazone [ 1284.952522][ T695] minix_free_block (loop9:21): bit already cleared [ 1285.762621][ T719] Bluetooth: MGMT ver 1.23 [ 1286.077795][ T729] netlink: 40 bytes leftover after parsing attributes in process `syz.9.11366'. [ 1286.126985][ T732] netlink: 204 bytes leftover after parsing attributes in process `syz.6.11368'. [ 1286.153424][ T733] loop3: detected capacity change from 0 to 256 [ 1286.251382][ T737] loop8: detected capacity change from 0 to 16 [ 1286.281618][ T737] erofs (device loop8): mounted with root inode @ nid 36. 
[ 1286.315287][ T733] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66f6fd, utbl_chksum : 0xe619d30d) [ 1287.079160][ T751] loop3: detected capacity change from 0 to 4096 [ 1287.174140][ T751] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 1287.205093][ T751] UDF-fs: Scanning with blocksize 512 failed [ 1287.257393][ T751] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1287.280366][ T764] loop8: detected capacity change from 0 to 128 [ 1287.333708][ T764] vfat: Unknown parameter 'ÿÿÿÿ' [ 1287.404668][ T751] UDF-fs: error (device loop3): udf_fiiter_advance_blk: extent after position 0 not allocated in directory (ino 1328) [ 1288.422329][T32360] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1288.603590][T32360] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1288.607144][ T762] loop6: detected capacity change from 0 to 32768 [ 1288.637357][T32360] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1288.666567][T32360] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1288.701335][T32360] usb 4-1: New USB device found, idVendor=0853, idProduct=0148, bcdDevice= 0.00 [ 1288.735651][T32360] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1288.810206][T32360] usb 4-1: config 0 descriptor?? 
[ 1289.265343][T32360] topre 0003:0853:0148.0055: item fetching failed at offset 0/3 [ 1289.289079][T32360] topre 0003:0853:0148.0055: probe with driver topre failed with error -22 [ 1289.449698][ T779] loop9: detected capacity change from 0 to 32768 [ 1289.458055][ T779] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.11389 (779) [ 1289.472099][T23048] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 1289.522794][ T43] usb 4-1: USB disconnect, device number 31 [ 1289.522828][ T779] BTRFS info (device loop9): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1289.558839][ T797] netlink: 332 bytes leftover after parsing attributes in process `syz.6.11398'. [ 1289.600211][ T779] BTRFS info (device loop9): using blake2b (blake2b-256-generic) checksum algorithm [ 1289.628408][ T779] BTRFS info (device loop9): using free-space-tree [ 1289.642581][ T799] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11399'. [ 1289.652163][T23048] usb 9-1: Using ep0 maxpacket: 16 [ 1289.666168][T23048] usb 9-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 1289.678791][T23048] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1289.700301][T23048] usb 9-1: Product: syz [ 1289.720320][T23048] usb 9-1: Manufacturer: syz [ 1289.729532][T23048] usb 9-1: SerialNumber: syz [ 1289.809439][T23048] usb 9-1: config 0 descriptor?? [ 1289.858848][T23048] ssu100 9-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 1290.285287][T30150] BTRFS info (device loop9): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1290.349676][ T825] netlink: 'syz.6.11404': attribute type 4 has an invalid length. 
[ 1290.487911][T23048] ssu100 9-1:0.0: probe with driver ssu100 failed with error -71 [ 1290.552318][T23048] usb 9-1: USB disconnect, device number 14 [ 1290.747245][ T837] loop6: detected capacity change from 0 to 256 [ 1290.783521][ T837] exfat: Deprecated parameter 'utf8' [ 1290.821619][ T837] exfat: Deprecated parameter 'namecase' [ 1290.885173][ T837] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 1290.939366][T32360] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1291.113825][T32360] usb 4-1: Using ep0 maxpacket: 32 [ 1291.144415][T32360] usb 4-1: config 0 has an invalid interface number: 247 but max is 0 [ 1291.162112][T32360] usb 4-1: config 0 has no interface number 0 [ 1291.198731][T32360] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 1291.216932][T32360] usb 4-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 1291.245699][T32360] usb 4-1: Product: syz [ 1291.249964][T32360] usb 4-1: Manufacturer: syz [ 1291.260944][T32360] usb 4-1: config 0 descriptor?? 
[ 1291.362119][ T30] audit: type=1326 audit(1291.317:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=847 comm="syz.8.11414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613278eb69 code=0x7ffc0000 [ 1291.466556][ T30] audit: type=1326 audit(1291.327:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=847 comm="syz.8.11414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613278eb69 code=0x7ffc0000 [ 1291.592178][ T30] audit: type=1326 audit(1291.367:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=847 comm="syz.8.11414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f613278eb69 code=0x7ffc0000 [ 1291.718000][ T30] audit: type=1326 audit(1291.367:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=847 comm="syz.8.11414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613278eb69 code=0x7ffc0000 [ 1291.761437][ T854] netlink: 'syz.8.11417': attribute type 1 has an invalid length. [ 1291.781612][ T854] netlink: 208 bytes leftover after parsing attributes in process `syz.8.11417'. [ 1291.799618][ T30] audit: type=1326 audit(1291.367:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=847 comm="syz.8.11414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613278eb69 code=0x7ffc0000 [ 1291.825469][ T854] netlink: 'syz.8.11417': attribute type 1 has an invalid length. [ 1291.834213][ T30] audit: type=1326 audit(1291.367:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=847 comm="syz.8.11414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f613278eb69 code=0x7ffc0000 [ 1291.840721][ T854] netlink: 'syz.8.11417': attribute type 2 has an invalid length. 
[ 1291.884582][ T30] audit: type=1326 audit(1291.367:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=847 comm="syz.8.11414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613278eb69 code=0x7ffc0000 [ 1291.959159][ T30] audit: type=1326 audit(1291.367:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=847 comm="syz.8.11414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f613278eb69 code=0x7ffc0000 [ 1292.236640][ T868] blktrace: Concurrent blktraces are not allowed on sg0 [ 1292.300389][ T870] loop8: detected capacity change from 0 to 1024 [ 1292.593723][T30562] hfsplus: b-tree write err: -5, ino 4 [ 1292.601746][ T5909] usb 4-1: USB disconnect, device number 32 [ 1292.902655][ T887] mkiss: ax0: crc mode is auto. [ 1293.279929][T30227] kernel write not supported for file /binder/transactions (pid: 30227 comm: kworker/1:5) [ 1293.859616][ T881] loop6: detected capacity change from 0 to 32768 [ 1293.928736][ T881] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.11427 (881) [ 1294.004863][ T881] BTRFS info (device loop6): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1294.031964][ T881] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm [ 1294.067605][ T881] BTRFS info (device loop6): using free-space-tree [ 1294.263991][T30227] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1294.312850][ T881] BTRFS info (device loop6): balance: start -susage=4294967290..4294967295,limit=0..6 [ 1294.392314][ T881] BTRFS info (device loop6): balance: ended with status: 0 [ 1294.457193][T30227] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1294.502143][T30227] usb 4-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 1294.511249][T30227] usb 4-1: New USB device strings: Mfr=0, Product=0, 
SerialNumber=0 [ 1294.590156][T30227] usb 4-1: config 0 descriptor?? [ 1294.624025][T31207] BTRFS info (device loop6): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1294.651725][ T909] loop9: detected capacity change from 0 to 32768 [ 1294.771314][ T909] ocfs2: Slot 0 on device (7,9) was already allocated to this node! [ 1294.875248][ T909] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 1295.180136][T30227] dragonrise 0003:0079:0006.0056: hidraw0: USB HID v0.00 Device [HID 0079:0006] on usb-dummy_hcd.3-1/input0 [ 1295.241083][T30227] dragonrise 0003:0079:0006.0056: no inputs found [ 1295.284361][T30227] dragonrise 0003:0079:0006.0056: force feedback init failed [ 1295.332987][ T950] loop8: detected capacity change from 0 to 32768 [ 1295.422292][ T5909] usb 4-1: USB disconnect, device number 33 [ 1295.428701][ T950] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.11450 (950) [ 1295.452200][T27260] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1295.571978][ T950] BTRFS info (device loop8): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1295.617785][ T969] fido_id[969]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1295.642246][ T950] BTRFS info (device loop8): using xxhash64 (xxhash64-generic) checksum algorithm [ 1295.657303][T27260] usb 3-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00 [ 1295.672672][ T950] BTRFS info (device loop8): using free-space-tree [ 1295.703586][T27260] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1295.767454][T30150] ocfs2: Unmounting device (7,9) on (node local) [ 1295.825055][T27260] usb 3-1: config 0 descriptor?? 
[ 1296.044150][ T950] BTRFS info (device loop8): rebuilding free space tree [ 1296.131817][ T984] loop6: detected capacity change from 0 to 1024 [ 1296.193352][ T984] EXT4-fs: inline encryption not supported [ 1296.257626][ T984] EXT4-fs: Ignoring removed i_version option [ 1296.308908][T27260] aquacomputer_d5next 0003:0C70:F010.0057: hidraw0: USB HID vff.fd Device [HID 0c70:f010] on usb-dummy_hcd.2-1/input0 [ 1296.435189][ T984] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1296.512700][ T950] BTRFS info (device loop8): balance: start -d -m [ 1296.561551][ T950] BTRFS info (device loop8): relocating block group 6881280 flags data|metadata [ 1296.572580][T27260] usb 3-1: USB disconnect, device number 51 [ 1296.672907][ T984] EXT4-fs error (device loop6): mb_free_blocks:2014: group 0, inode 15: block 177:freeing already freed block (bit 11); block bitmap corrupt. [ 1296.752187][ T984] EXT4-fs (loop6): Remounting filesystem read-only [ 1296.890167][ T950] BTRFS info (device loop8): balance: paused [ 1297.051803][T31207] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1297.216916][T30098] BTRFS info (device loop8): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1297.559998][ T1021] loop3: detected capacity change from 0 to 1024 [ 1297.761728][ T30] audit: type=1800 audit(1297.727:553): pid=1029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.11471" name="file1" dev="loop3" ino=20 res=0 errno=0 [ 1297.828474][ T1024] loop8: detected capacity change from 0 to 4096 [ 1298.023303][T17475] hfsplus: b-tree write err: -5, ino 4 [ 1298.046553][ T1031] NILFS (loop8): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 1298.281318][ T1036] loop3: detected capacity change from 0 to 1024 [ 1298.392377][ T5909] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 1298.412843][ T1036] hfsplus: bad catalog entry type [ 1298.558670][ T1048] loop8: detected capacity change from 0 to 512 [ 1298.562144][T23048] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 1298.588153][T30271] hfsplus: b-tree write err: -5, ino 4 [ 1298.593950][ T1048] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 1298.602202][ T5909] usb 7-1: Using ep0 maxpacket: 8 [ 1298.630397][ T5909] usb 7-1: config 2 has an invalid interface number: 31 but max is 0 [ 1298.656056][ T1048] EXT4-fs (loop8): 1 truncate cleaned up [ 1298.672227][ T5909] usb 7-1: config 2 has no interface number 0 [ 1298.681209][ T1048] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1298.695600][ T5909] usb 7-1: config 2 interface 31 has no altsetting 0 [ 1298.726481][ T5909] usb 7-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1298.759941][T23048] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 1298.777063][ T5909] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1298.790691][T23048] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1298.820099][ T5909] usb 7-1: Product: syz [ 1298.829532][T23048] usb 1-1: Product: syz [ 1298.829562][T23048] usb 1-1: Manufacturer: syz [ 1298.829587][T23048] usb 1-1: SerialNumber: syz [ 1298.838573][ T5909] usb 7-1: Manufacturer: syz [ 1298.838608][ T5909] usb 7-1: SerialNumber: syz [ 1298.841964][T23048] usb 1-1: config 0 descriptor?? 
[ 1298.917888][ T1052] loop3: detected capacity change from 0 to 2048 [ 1298.942354][ T1052] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1298.975529][T30098] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1299.099099][ T1051] UDF-fs: warning (device loop3): udf_truncate_tail_extent: Too long extent after EOF in inode 1367: i_size: 0 lbcount: 512 extent 56+512 [ 1299.311515][ T5909] ch9200 7-1:2.31: probe with driver ch9200 failed with error -22 [ 1299.350657][ T5909] usb 7-1: USB disconnect, device number 21 [ 1299.499372][T23048] usb 1-1: f81604_read: reg: 105 failed: -EPROTO [ 1299.529622][T23048] f81604 1-1:0.0: Setting termination of CH#1 failed: -EPROTO [ 1299.577762][T23048] f81604 1-1:0.0: probe with driver f81604 failed with error -71 [ 1299.633146][T23048] usb 1-1: USB disconnect, device number 53 [ 1299.893279][ T1076] team0: entered allmulticast mode [ 1299.898456][ T1076] team_slave_0: entered allmulticast mode [ 1299.924441][ T1076] team_slave_1: entered allmulticast mode [ 1299.965421][ T1076] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1300.085869][ T1082] loop6: detected capacity change from 0 to 128 [ 1300.134020][ T1082] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 1300.329174][ T1082] FAT-fs (loop6): FAT read failed (blocknr 128) [ 1301.544467][ T1111] loop6: detected capacity change from 0 to 1024 [ 1301.632916][ T5850] Bluetooth: hci0: command 0x0406 tx timeout [ 1301.675376][ T1111] hfsplus: bad catalog entry type [ 1301.862976][ T1093] loop9: detected capacity change from 0 to 32768 [ 1301.863307][ T12] hfsplus: b-tree write err: -5, ino 4 [ 1302.031781][ T1093] ocfs2: Mounting device (7,9) on (node local, slot 0) with writeback data mode. 
[ 1302.327953][T30150] (syz-executor,30150,0):ocfs2_inode_is_valid_to_delete:885 ERROR: Skipping delete of system file 76 [ 1302.363387][ T1124] loop8: detected capacity change from 0 to 8 [ 1302.416578][T30150] ocfs2: Unmounting device (7,9) on (node local) [ 1303.005978][ T1135] loop8: detected capacity change from 0 to 1024 [ 1303.101184][ T30] audit: type=1800 audit(1303.067:554): pid=1135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.11513" name="file1" dev="loop8" ino=20 res=0 errno=0 [ 1303.255913][T30562] hfsplus: b-tree write err: -5, ino 4 [ 1303.345704][ T1142] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11516'. [ 1303.393315][ T1142] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11516'. [ 1303.442167][ T1142] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11516'. [ 1303.784856][ T1151] loop3: detected capacity change from 0 to 1024 [ 1303.955603][ T1155] netlink: 200 bytes leftover after parsing attributes in process `syz.0.11524'. [ 1304.042700][T30562] hfsplus: b-tree write err: -5, ino 4 [ 1304.149068][ T1160] loop8: detected capacity change from 0 to 1024 [ 1304.173717][ T1160] EXT4-fs: Ignoring removed bh option [ 1304.223825][ T1128] loop9: detected capacity change from 0 to 32768 [ 1304.262966][ T1160] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 1304.293642][ T1128] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.11510 (1128) [ 1304.348777][ T1128] BTRFS info (device loop9): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1304.370281][ T1128] BTRFS info (device loop9): using xxhash64 (xxhash64-generic) checksum algorithm [ 1304.379877][ T1128] BTRFS info (device loop9): using free-space-tree [ 1304.477283][T30098] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1304.596969][ T1184] loop6: detected capacity change from 0 to 512 [ 1304.664352][ T1184] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c119, mo2=0002] [ 1304.772227][ T1184] System zones: 0-2, 18-18, 34-35 [ 1304.815302][ T1184] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1304.848977][ T1128] BTRFS info (device loop9): balance: start -susage=4294967290..4294967295,limit=0..6 [ 1304.895187][ T1128] BTRFS info (device loop9): balance: ended with status: 0 [ 1305.109104][T31207] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1305.221187][T30150] BTRFS info (device loop9): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1305.235504][ T1200] sp0: Synchronizing with TNC [ 1305.320903][ T1202] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. 
[ 1305.414850][ T1206] loop6: detected capacity change from 0 to 8 [ 1305.523500][ T1206] SQUASHFS error: lzo decompression failed, data probably corrupt [ 1305.573836][ T1206] SQUASHFS error: Failed to read block 0x1d2: -5 [ 1305.592563][ T1206] SQUASHFS error: Unable to read metadata cache entry [1d0] [ 1305.622509][ T1206] SQUASHFS error: Unable to read directory block [1d0:26] [ 1305.905202][T23048] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 1306.067776][ T30] audit: type=1326 audit(1306.027:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1217 comm="syz.2.11543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0918eb69 code=0x7ffc0000 [ 1306.113219][T23048] usb 10-1: Using ep0 maxpacket: 32 [ 1306.150466][T23048] usb 10-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 1306.180884][T23048] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1306.189211][ T30] audit: type=1326 audit(1306.027:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1217 comm="syz.2.11543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0918eb69 code=0x7ffc0000 [ 1306.233637][T23048] usb 10-1: config 0 descriptor?? 
[ 1306.271506][T23048] usb 10-1: dvb_usb_v2: found a 'Anysee' in warm state [ 1306.296276][T23048] usb 10-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1306.303429][ T30] audit: type=1326 audit(1306.067:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1217 comm="syz.2.11543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f1e0918eb69 code=0x7ffc0000 [ 1306.332454][T23048] dvb_usb_anysee 10-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 1306.420519][ T30] audit: type=1326 audit(1306.067:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1217 comm="syz.2.11543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0918eb69 code=0x7ffc0000 [ 1306.623861][T23048] usb 10-1: USB disconnect, device number 15 [ 1306.633531][ T30] audit: type=1326 audit(1306.087:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1217 comm="syz.2.11543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0918eb69 code=0x7ffc0000 [ 1306.742266][ T30] audit: type=1326 audit(1306.087:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1217 comm="syz.2.11543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f1e0918eb69 code=0x7ffc0000 [ 1306.756481][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 1306.774144][ T51] Bluetooth: hci3: command 0x0405 tx timeout [ 1306.799602][ T30] audit: type=1326 audit(1306.087:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1217 comm="syz.2.11543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0918eb69 code=0x7ffc0000 [ 1306.832925][ T30] audit: type=1326 audit(1306.087:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1217 comm="syz.2.11543" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0918eb69 code=0x7ffc0000 [ 1307.172266][T23048] usb 7-1: new high-speed USB device number 22 using 
dummy_hcd [ 1307.192209][T27260] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 1307.355014][T23048] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1307.362114][T27260] usb 1-1: Using ep0 maxpacket: 8 [ 1307.395448][T23048] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1307.398785][T27260] usb 1-1: config 2 has an invalid interface number: 31 but max is 0 [ 1307.419590][T23048] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1307.428648][T27260] usb 1-1: config 2 has no interface number 0 [ 1307.439953][ T1245] loop3: detected capacity change from 0 to 256 [ 1307.452710][T27260] usb 1-1: config 2 interface 31 has no altsetting 0 [ 1307.455085][T23048] usb 7-1: Product: syz [ 1307.482570][T27260] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1307.490164][T23048] usb 7-1: Manufacturer: syz [ 1307.507209][T23048] usb 7-1: SerialNumber: syz [ 1307.524220][T27260] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1307.532195][ T1245] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 1307.550196][T27260] usb 1-1: Product: syz [ 1307.553512][T23048] usb 7-1: config 0 descriptor?? 
[ 1307.569650][T27260] usb 1-1: Manufacturer: syz [ 1307.606241][T27260] usb 1-1: SerialNumber: syz [ 1307.695133][T23048] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1307.841956][ T6351] udevd[6351]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1307.965331][T32360] usb 7-1: USB disconnect, device number 22 [ 1308.055433][ T1251] loop9: detected capacity change from 0 to 2048 [ 1308.088722][ T1253] loop3: detected capacity change from 0 to 128 [ 1308.127984][ T1253] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 1308.166485][T27260] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22 [ 1308.171747][ T1254] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1308.242104][ T30] audit: type=1800 audit(1308.207:563): pid=1251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.11558" name="file2" dev="loop9" ino=16 res=0 errno=0 [ 1308.285326][T27260] usb 1-1: USB disconnect, device number 54 [ 1308.297176][ T1239] loop8: detected capacity change from 0 to 32768 [ 1308.346836][ T1253] FAT-fs (loop3): FAT read failed (blocknr 128) [ 1308.355430][ T1239] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.11551 (1239) [ 1308.381849][ T1251] NILFS (loop9): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 1308.420567][ T1251] NILFS error (device loop9): nilfs_bmap_propagate: broken bmap (inode number=16) [ 1308.451353][ T1251] Remounting filesystem read-only [ 1308.456941][ T1239] BTRFS info (device loop8): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1308.473904][ T1239] BTRFS info (device loop8): using xxhash64 (xxhash64-generic) checksum algorithm [ 1308.543034][ T1239] BTRFS info (device 
loop8): using free-space-tree [ 1308.569363][T30150] NILFS (loop9): disposed unprocessed dirty file(s) when stopping log writer [ 1308.874215][ T1275] loop3: detected capacity change from 0 to 8 [ 1308.939611][ T1239] BTRFS info (device loop8): balance: start -susage=4294967290..4294967295,limit=0..6 [ 1308.982535][ T1239] BTRFS info (device loop8): balance: ended with status: 0 [ 1309.071906][ T1275] SQUASHFS error: xz decompression failed, data probably corrupt [ 1309.124546][ T1275] SQUASHFS error: Failed to read block 0xa8: -5 [ 1309.165704][ T1275] SQUASHFS error: xz decompression failed, data probably corrupt [ 1309.212230][ T1275] SQUASHFS error: Failed to read block 0xa8: -5 [ 1309.227651][ T30] audit: type=1800 audit(1309.187:564): pid=1275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.11559" name="file0" dev="loop3" ino=3 res=0 errno=0 [ 1309.356401][T30098] BTRFS info (device loop8): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1309.497059][ T1289] loop9: detected capacity change from 0 to 512 [ 1309.610561][ T1289] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1309.799637][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1309.812172][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1309.916337][ T1289] EXT4-fs error (device loop9): ext4_get_first_dir_block:3556: inode #12: comm syz.9.11566: directory missing '..' [ 1309.969837][ T1304] random: crng reseeded on system resumption [ 1310.279837][T30150] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1310.632200][T27260] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1310.632715][ T1317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11576'. 
[ 1310.817502][ T1320] team0: entered allmulticast mode [ 1310.825510][T27260] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1310.859387][T27260] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1310.870519][ T1320] team_slave_0: entered allmulticast mode [ 1310.902348][T27260] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1310.912173][ T1320] team_slave_1: entered allmulticast mode [ 1310.932336][T27260] usb 4-1: Product: syz [ 1310.942727][T27260] usb 4-1: Manufacturer: syz [ 1310.947851][T27260] usb 4-1: SerialNumber: syz [ 1310.954195][ T1320] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 1310.975710][T27260] usb 4-1: config 0 descriptor?? [ 1311.097917][T27260] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1311.298379][ T6351] udevd[6351]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1311.336474][T32360] usb 4-1: USB disconnect, device number 34 [ 1311.449419][ T1296] loop8: detected capacity change from 0 to 32768 [ 1311.563456][ T1296] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1311.866762][ T1296] XFS (loop8): Ending clean mount [ 1311.907531][ T1296] XFS (loop8): Quotacheck needed: Please wait. [ 1312.083307][ T1296] XFS (loop8): Quotacheck: Done. 
[ 1312.376969][T30098] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1312.902440][T27260] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1313.097435][T27260] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1313.142129][T27260] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1313.182188][T27260] usb 4-1: Product: syz [ 1313.186407][T27260] usb 4-1: Manufacturer: syz [ 1313.191018][T27260] usb 4-1: SerialNumber: syz [ 1313.195758][T30227] usb 7-1: new full-speed USB device number 23 using dummy_hcd [ 1313.251962][T27260] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1313.272166][T27260] r8152-cfgselector 4-1: config 0 descriptor?? [ 1313.366373][T30227] usb 7-1: config 1 has an invalid interface number: 105 but max is 0 [ 1313.386044][T30227] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 1 [ 1313.416030][T30227] usb 7-1: config 1 has no interface number 1 [ 1313.442190][T30227] usb 7-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1313.472118][T30227] usb 7-1: config 1 interface 105 has no altsetting 0 [ 1313.523825][T30227] usb 7-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1313.552300][T30227] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1313.606540][T30227] usb 7-1: Product: syz [ 1313.610771][T30227] usb 7-1: Manufacturer: syz [ 1313.644419][T30227] usb 7-1: SerialNumber: syz [ 1313.781912][ T1064] r8152-cfgselector 4-1: USB disconnect, device number 35 [ 1313.919878][T30227] aqc111 7-1:1.105: probe with driver aqc111 failed with error -22 [ 1314.114193][ T1361] loop9: detected capacity change from 0 to 32768 [ 1314.208933][T23048] usb 7-1: USB disconnect, device number 23 [ 1314.302212][T32360] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 1314.472211][T32360] usb 3-1: Using ep0 maxpacket: 32 [ 
1314.497935][T32360] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1314.532305][T32360] usb 3-1: config 128 has an invalid interface number: 127 but max is 3 [ 1314.540702][T32360] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 1314.577495][T32360] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 1314.591977][T32360] usb 3-1: config 128 has no interface number 0 [ 1314.598730][T32360] usb 3-1: config 128 interface 127 altsetting 14 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1314.613112][T32360] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1314.624964][T32360] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1314.642420][T32360] usb 3-1: config 128 interface 127 has no altsetting 0 [ 1314.653570][T32360] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 1314.672088][T32360] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1314.688540][T32360] usb 3-1: Product: syz [ 1314.702102][T32360] usb 3-1: Manufacturer: syz [ 1314.722488][T32360] usb 3-1: SerialNumber: syz [ 1314.742283][T27260] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 1314.762562][ T1366] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1314.972796][T27260] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1315.030891][T27260] usb 9-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00 [ 1315.082277][T27260] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1315.144031][T27260] usb 9-1: config 0 descriptor?? 
[ 1315.200542][T32360] usb 3-1: USB disconnect, device number 52 [ 1315.327854][ T6904] udevd[6904]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1315.627924][T27260] dragonrise 0003:0079:0006.0058: hidraw0: USB HID v0.00 Device [HID 0079:0006] on usb-dummy_hcd.8-1/input0 [ 1315.704721][T27260] dragonrise 0003:0079:0006.0058: no inputs found [ 1315.743067][T27260] dragonrise 0003:0079:0006.0058: force feedback init failed [ 1315.883437][T27260] usb 9-1: USB disconnect, device number 15 [ 1315.907055][ T1392] ================================================================== [ 1315.915175][ T1392] BUG: KASAN: slab-use-after-free in move_to_new_folio+0xef/0x400 [ 1315.923012][ T1392] Read of size 8 at addr ffff8880788d13a0 by task syz.6.11608/1392 [ 1315.930925][ T1392] [ 1315.933265][ T1392] CPU: 0 UID: 0 PID: 1392 Comm: syz.6.11608 Not tainted 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1315.933318][ T1392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1315.933344][ T1392] Call Trace: [ 1315.933357][ T1392] [ 1315.933372][ T1392] dump_stack_lvl+0x116/0x1f0 [ 1315.933434][ T1392] print_report+0xcd/0x630 [ 1315.933495][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.933545][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.933594][ T1392] ? __phys_addr+0xe8/0x180 [ 1315.933649][ T1392] ? move_to_new_folio+0xef/0x400 [ 1315.933689][ T1392] kasan_report+0xe0/0x110 [ 1315.933755][ T1392] ? move_to_new_folio+0xef/0x400 [ 1315.933801][ T1392] kasan_check_range+0x100/0x1b0 [ 1315.933847][ T1392] move_to_new_folio+0xef/0x400 [ 1315.933889][ T1392] migrate_pages_batch+0x1fab/0x3bd0 [ 1315.933936][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1315.933993][ T1392] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1315.934048][ T1392] migrate_pages_sync+0x12d/0x8a0 [ 1315.934092][ T1392] ? 
__pfx_compaction_alloc+0x10/0x10 [ 1315.934228][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1315.934320][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.934420][ T1392] ? __lock_acquire+0x622/0x1c90 [ 1315.934579][ T1392] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1315.934623][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.934683][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.934739][ T1392] migrate_pages+0x1b67/0x23b0 [ 1315.934785][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1315.934829][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1315.934882][ T1392] ? __pfx_migrate_pages+0x10/0x10 [ 1315.934931][ T1392] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1315.934984][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.935033][ T1392] ? pfn_to_online_page+0x1de/0x560 [ 1315.935092][ T1392] compact_zone+0x2018/0x4760 [ 1315.935147][ T1392] ? __free_object+0x270/0x400 [ 1315.935194][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.935250][ T1392] ? __pfx_debug_object_free+0x10/0x10 [ 1315.935302][ T1392] ? __pfx_compact_zone+0x10/0x10 [ 1315.935348][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.935411][ T1392] ? __flush_work+0x4d0/0xcc0 [ 1315.935463][ T1392] compact_node+0x1a4/0x2d0 [ 1315.935512][ T1392] ? __pfx_compact_node+0x10/0x10 [ 1315.935586][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.935634][ T1392] ? __lru_add_drain_all+0xe7/0x6f0 [ 1315.935700][ T1392] sysctl_compaction_handler+0x141/0x210 [ 1315.935755][ T1392] proc_sys_call_handler+0x440/0x570 [ 1315.935810][ T1392] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1315.935863][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.935912][ T1392] ? splice_from_pipe_next+0x1f8/0x5d0 [ 1315.935981][ T1392] iter_file_splice_write+0x91f/0x1150 [ 1315.936059][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.936112][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1315.936180][ T1392] ? __pfx_copy_splice_read+0x10/0x10 [ 1315.936253][ T1392] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1315.936305][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1315.936370][ T1392] direct_splice_actor+0x192/0x6c0 [ 1315.936445][ T1392] splice_direct_to_actor+0x345/0xa30 [ 1315.936508][ T1392] ? __pfx_direct_splice_actor+0x10/0x10 [ 1315.936576][ T1392] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1315.936641][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.936694][ T1392] do_splice_direct+0x174/0x240 [ 1315.936752][ T1392] ? __pfx_do_splice_direct+0x10/0x10 [ 1315.936815][ T1392] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1315.936879][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.936929][ T1392] ? rw_verify_area+0xcf/0x6c0 [ 1315.936986][ T1392] do_sendfile+0xb06/0xe50 [ 1315.937050][ T1392] ? __pfx_do_sendfile+0x10/0x10 [ 1315.937119][ T1392] __x64_sys_sendfile64+0x154/0x220 [ 1315.937162][ T1392] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1315.937205][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1315.937263][ T1392] do_syscall_64+0xcd/0x4c0 [ 1315.937331][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1315.937374][ T1392] RIP: 0033:0x7f36c158eb69 [ 1315.937414][ T1392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1315.937456][ T1392] RSP: 002b:00007f36c23e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1315.937497][ T1392] RAX: ffffffffffffffda RBX: 00007f36c17b5fa0 RCX: 00007f36c158eb69 [ 1315.937526][ T1392] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1315.937553][ T1392] RBP: 00007f36c1611df1 R08: 0000000000000000 R09: 0000000000000000 [ 1315.937581][ T1392] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1315.937607][ T1392] R13: 0000000000000000 R14: 00007f36c17b5fa0 R15: 00007ffd6c00e3d8 [ 1315.937650][ T1392] [ 1315.937665][ T1392] [ 1316.395497][ T1392] Allocated by task 31875: [ 1316.399918][ 
T1392] kasan_save_stack+0x33/0x60 [ 1316.404644][ T1392] kasan_save_track+0x14/0x30 [ 1316.409352][ T1392] __kasan_slab_alloc+0x89/0x90 [ 1316.414232][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1316.419717][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1316.424509][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1316.429468][ T1392] gfs2_dir_search+0x22a/0x2e0 [ 1316.434251][ T1392] gfs2_lookupi+0x4b7/0x6e0 [ 1316.438778][ T1392] init_inodes+0x869/0x2eb0 [ 1316.443295][ T1392] gfs2_fill_super+0x1be2/0x2d30 [ 1316.448260][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1316.453424][ T1392] gfs2_get_tree+0x4e/0x280 [ 1316.457954][ T1392] vfs_get_tree+0x8e/0x340 [ 1316.462413][ T1392] path_mount+0x1482/0x1fd0 [ 1316.466942][ T1392] __x64_sys_mount+0x28d/0x310 [ 1316.471726][ T1392] do_syscall_64+0xcd/0x4c0 [ 1316.476278][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.482202][ T1392] [ 1316.484527][ T1392] Freed by task 23: [ 1316.488337][ T1392] kasan_save_stack+0x33/0x60 [ 1316.493060][ T1392] kasan_save_track+0x14/0x30 [ 1316.497779][ T1392] kasan_save_free_info+0x3b/0x60 [ 1316.502831][ T1392] __kasan_slab_free+0x51/0x70 [ 1316.507642][ T1392] kmem_cache_free+0x2d1/0x4d0 [ 1316.512443][ T1392] gfs2_glock_dealloc+0xd0/0x150 [ 1316.517410][ T1392] rcu_core+0x79c/0x1530 [ 1316.521669][ T1392] handle_softirqs+0x219/0x8e0 [ 1316.526462][ T1392] run_ksoftirqd+0x3a/0x60 [ 1316.530905][ T1392] smpboot_thread_fn+0x3f7/0xae0 [ 1316.535887][ T1392] kthread+0x3c5/0x780 [ 1316.539982][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1316.544596][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1316.549426][ T1392] [ 1316.551741][ T1392] Last potentially related work creation: [ 1316.557446][ T1392] kasan_save_stack+0x33/0x60 [ 1316.562156][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1316.567366][ T1392] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1316.573267][ T1392] gfs2_glock_free+0x35/0x90 [ 1316.577879][ T1392] glock_work_func+0x396/0x4d0 [ 1316.582647][ T1392] process_one_work+0x9cf/0x1b70 [ 1316.587592][ 
T1392] worker_thread+0x6c8/0xf10 [ 1316.592190][ T1392] kthread+0x3c5/0x780 [ 1316.596259][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1316.600850][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1316.605631][ T1392] [ 1316.607946][ T1392] Second to last potentially related work creation: [ 1316.614519][ T1392] kasan_save_stack+0x33/0x60 [ 1316.619221][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1316.624432][ T1392] insert_work+0x36/0x230 [ 1316.628769][ T1392] __queue_work+0x97e/0x1160 [ 1316.633366][ T1392] __queue_delayed_work+0x35b/0x460 [ 1316.638622][ T1392] queue_delayed_work_on+0x1b5/0x200 [ 1316.643923][ T1392] gfs2_glock_queue_work+0x75/0x120 [ 1316.649157][ T1392] clear_glock+0xa7/0xe0 [ 1316.653425][ T1392] glock_hash_walk+0x12c/0x1c0 [ 1316.658205][ T1392] gfs2_gl_hash_clear+0x103/0x780 [ 1316.663256][ T1392] gfs2_fill_super+0x2524/0x2d30 [ 1316.668218][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1316.673356][ T1392] gfs2_get_tree+0x4e/0x280 [ 1316.677874][ T1392] vfs_get_tree+0x8e/0x340 [ 1316.682304][ T1392] path_mount+0x1482/0x1fd0 [ 1316.686811][ T1392] __x64_sys_mount+0x28d/0x310 [ 1316.691578][ T1392] do_syscall_64+0xcd/0x4c0 [ 1316.696104][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.702012][ T1392] [ 1316.704333][ T1392] The buggy address belongs to the object at ffff8880788d0fd8 [ 1316.704333][ T1392] which belongs to the cache gfs2_glock(aspace) of size 1224 [ 1316.719086][ T1392] The buggy address is located 968 bytes inside of [ 1316.719086][ T1392] freed 1224-byte region [ffff8880788d0fd8, ffff8880788d14a0) [ 1316.732983][ T1392] [ 1316.735304][ T1392] The buggy address belongs to the physical page: [ 1316.741703][ T1392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880788d0548 pfn:0x788d0 [ 1316.751773][ T1392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1316.760278][ T1392] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1316.767834][ T1392] page_type: f5(slab) [ 1316.771826][ 
T1392] raw: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1316.780424][ T1392] raw: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1316.789046][ T1392] head: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1316.797729][ T1392] head: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1316.806423][ T1392] head: 00fff00000000002 ffffea0001e23401 00000000ffffffff 00000000ffffffff [ 1316.815117][ T1392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1316.823797][ T1392] page dumped because: kasan: bad access detected [ 1316.830209][ T1392] page_owner tracks the page as allocated [ 1316.835920][ T1392] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31875, tgid 31874 (syz.6.10882), ts 1229886871877, free_ts 1229839928771 [ 1316.856984][ T1392] post_alloc_hook+0x1c0/0x230 [ 1316.861784][ T1392] get_page_from_freelist+0x132b/0x38e0 [ 1316.867358][ T1392] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1316.873295][ T1392] alloc_pages_mpol+0x1fb/0x550 [ 1316.878194][ T1392] new_slab+0x247/0x330 [ 1316.882364][ T1392] ___slab_alloc+0xd1e/0x1780 [ 1316.887056][ T1392] __slab_alloc.constprop.0+0x56/0xb0 [ 1316.892443][ T1392] kmem_cache_alloc_noprof+0xef/0x3b0 [ 1316.897841][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1316.902640][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1316.907601][ T1392] gfs2_lookup_root+0x57/0x130 [ 1316.912382][ T1392] init_sb+0xae5/0x10d0 [ 1316.916563][ T1392] gfs2_fill_super+0x1967/0x2d30 [ 1316.921517][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1316.926652][ T1392] gfs2_get_tree+0x4e/0x280 [ 1316.931173][ T1392] vfs_get_tree+0x8e/0x340 [ 1316.935605][ T1392] page last free pid 5206 tgid 5206 stack trace: [ 1316.941926][ T1392] __free_frozen_pages+0x7d5/0x10f0 [ 1316.947139][ T1392] qlist_free_all+0x4d/0x120 [ 1316.951751][ T1392] 
kasan_quarantine_reduce+0x195/0x1e0 [ 1316.957230][ T1392] __kasan_slab_alloc+0x69/0x90 [ 1316.962109][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1316.967646][ T1392] flock_lock_inode+0xbe8/0x1030 [ 1316.972608][ T1392] locks_lock_inode_wait+0x1da/0x490 [ 1316.977920][ T1392] __do_sys_flock+0x446/0x520 [ 1316.982620][ T1392] do_syscall_64+0xcd/0x4c0 [ 1316.987154][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.993066][ T1392] [ 1316.995385][ T1392] Memory state around the buggy address: [ 1317.001008][ T1392] ffff8880788d1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1317.009091][ T1392] ffff8880788d1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1317.017185][ T1392] >ffff8880788d1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1317.025257][ T1392] ^ [ 1317.030372][ T1392] ffff8880788d1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1317.038444][ T1392] ffff8880788d1480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 1317.046508][ T1392] ================================================================== [ 1317.076092][ T1392] Disabling lock debugging due to kernel taint [ 1317.083922][ T1392] ================================================================== [ 1317.092017][ T1392] BUG: KASAN: slab-use-after-free in move_to_new_folio+0x3bf/0x400 [ 1317.099945][ T1392] Read of size 8 at addr ffff8880788d13a0 by task syz.6.11608/1392 [ 1317.107851][ T1392] [ 1317.110191][ T1392] CPU: 0 UID: 0 PID: 1392 Comm: syz.6.11608 Tainted: G B 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1317.110253][ T1392] Tainted: [B]=BAD_PAGE [ 1317.110267][ T1392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1317.110292][ T1392] Call Trace: [ 1317.110304][ T1392] [ 1317.110317][ T1392] dump_stack_lvl+0x116/0x1f0 [ 1317.110379][ T1392] print_report+0xcd/0x630 [ 1317.110439][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.110487][ T1392] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1317.110534][ T1392] ? __phys_addr+0xe8/0x180 [ 1317.110587][ T1392] ? move_to_new_folio+0x3bf/0x400 [ 1317.110625][ T1392] kasan_report+0xe0/0x110 [ 1317.110686][ T1392] ? move_to_new_folio+0x3bf/0x400 [ 1317.110730][ T1392] move_to_new_folio+0x3bf/0x400 [ 1317.110770][ T1392] migrate_pages_batch+0x1fab/0x3bd0 [ 1317.110814][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1317.110868][ T1392] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1317.110920][ T1392] migrate_pages_sync+0x12d/0x8a0 [ 1317.110964][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1317.111006][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1317.111050][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.111098][ T1392] ? __lock_acquire+0x622/0x1c90 [ 1317.111173][ T1392] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1317.111214][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.111270][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.111323][ T1392] migrate_pages+0x1b67/0x23b0 [ 1317.111367][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1317.111411][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1317.111462][ T1392] ? __pfx_migrate_pages+0x10/0x10 [ 1317.111510][ T1392] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1317.111561][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.111610][ T1392] ? pfn_to_online_page+0x1de/0x560 [ 1317.111668][ T1392] compact_zone+0x2018/0x4760 [ 1317.111721][ T1392] ? __free_object+0x270/0x400 [ 1317.111771][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.111826][ T1392] ? __pfx_debug_object_free+0x10/0x10 [ 1317.111883][ T1392] ? __pfx_compact_zone+0x10/0x10 [ 1317.111929][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.111979][ T1392] ? __flush_work+0x4d0/0xcc0 [ 1317.112029][ T1392] compact_node+0x1a4/0x2d0 [ 1317.112073][ T1392] ? __pfx_compact_node+0x10/0x10 [ 1317.112139][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.112192][ T1392] ? 
__lru_add_drain_all+0xe7/0x6f0 [ 1317.112253][ T1392] sysctl_compaction_handler+0x141/0x210 [ 1317.112305][ T1392] proc_sys_call_handler+0x440/0x570 [ 1317.112355][ T1392] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1317.112405][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.112451][ T1392] ? splice_from_pipe_next+0x1f8/0x5d0 [ 1317.112514][ T1392] iter_file_splice_write+0x91f/0x1150 [ 1317.112584][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.112628][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1317.112688][ T1392] ? __pfx_copy_splice_read+0x10/0x10 [ 1317.112748][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.112796][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1317.112858][ T1392] direct_splice_actor+0x192/0x6c0 [ 1317.112918][ T1392] splice_direct_to_actor+0x345/0xa30 [ 1317.112976][ T1392] ? __pfx_direct_splice_actor+0x10/0x10 [ 1317.113039][ T1392] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1317.113099][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.113157][ T1392] do_splice_direct+0x174/0x240 [ 1317.113214][ T1392] ? __pfx_do_splice_direct+0x10/0x10 [ 1317.113271][ T1392] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1317.113330][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1317.113377][ T1392] ? rw_verify_area+0xcf/0x6c0 [ 1317.113429][ T1392] do_sendfile+0xb06/0xe50 [ 1317.113486][ T1392] ? __pfx_do_sendfile+0x10/0x10 [ 1317.113547][ T1392] __x64_sys_sendfile64+0x154/0x220 [ 1317.113588][ T1392] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1317.113630][ T1392] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1317.113683][ T1392] do_syscall_64+0xcd/0x4c0 [ 1317.113745][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1317.113783][ T1392] RIP: 0033:0x7f36c158eb69 [ 1317.113812][ T1392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1317.113849][ T1392] RSP: 002b:00007f36c23e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1317.113886][ T1392] RAX: ffffffffffffffda RBX: 00007f36c17b5fa0 RCX: 00007f36c158eb69 [ 1317.113912][ T1392] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1317.113936][ T1392] RBP: 00007f36c1611df1 R08: 0000000000000000 R09: 0000000000000000 [ 1317.113961][ T1392] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1317.113986][ T1392] R13: 0000000000000000 R14: 00007f36c17b5fa0 R15: 00007ffd6c00e3d8 [ 1317.114024][ T1392] [ 1317.114038][ T1392] [ 1317.572536][ T1392] Allocated by task 31875: [ 1317.576949][ T1392] kasan_save_stack+0x33/0x60 [ 1317.581661][ T1392] kasan_save_track+0x14/0x30 [ 1317.586370][ T1392] __kasan_slab_alloc+0x89/0x90 [ 1317.591259][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1317.596755][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1317.601557][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1317.606531][ T1392] gfs2_dir_search+0x22a/0x2e0 [ 1317.611322][ T1392] gfs2_lookupi+0x4b7/0x6e0 [ 1317.615857][ T1392] init_inodes+0x869/0x2eb0 [ 1317.620370][ T1392] gfs2_fill_super+0x1be2/0x2d30 [ 1317.625324][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1317.630461][ T1392] gfs2_get_tree+0x4e/0x280 [ 1317.634978][ T1392] vfs_get_tree+0x8e/0x340 [ 1317.639423][ T1392] path_mount+0x1482/0x1fd0 [ 1317.643930][ T1392] __x64_sys_mount+0x28d/0x310 [ 1317.648697][ T1392] do_syscall_64+0xcd/0x4c0 [ 1317.653223][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1317.659121][ T1392] [ 1317.661433][ T1392] Freed by task 23: [ 
1317.665232][ T1392] kasan_save_stack+0x33/0x60 [ 1317.669934][ T1392] kasan_save_track+0x14/0x30 [ 1317.674640][ T1392] kasan_save_free_info+0x3b/0x60 [ 1317.679676][ T1392] __kasan_slab_free+0x51/0x70 [ 1317.684463][ T1392] kmem_cache_free+0x2d1/0x4d0 [ 1317.689246][ T1392] gfs2_glock_dealloc+0xd0/0x150 [ 1317.694200][ T1392] rcu_core+0x79c/0x1530 [ 1317.698449][ T1392] handle_softirqs+0x219/0x8e0 [ 1317.703223][ T1392] run_ksoftirqd+0x3a/0x60 [ 1317.707650][ T1392] smpboot_thread_fn+0x3f7/0xae0 [ 1317.712606][ T1392] kthread+0x3c5/0x780 [ 1317.716676][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1317.721271][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1317.726052][ T1392] [ 1317.728368][ T1392] Last potentially related work creation: [ 1317.734073][ T1392] kasan_save_stack+0x33/0x60 [ 1317.738772][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1317.743983][ T1392] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1317.749893][ T1392] gfs2_glock_free+0x35/0x90 [ 1317.754517][ T1392] glock_work_func+0x396/0x4d0 [ 1317.759293][ T1392] process_one_work+0x9cf/0x1b70 [ 1317.764248][ T1392] worker_thread+0x6c8/0xf10 [ 1317.768853][ T1392] kthread+0x3c5/0x780 [ 1317.772931][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1317.777532][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1317.782323][ T1392] [ 1317.784643][ T1392] Second to last potentially related work creation: [ 1317.791230][ T1392] kasan_save_stack+0x33/0x60 [ 1317.795945][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1317.801175][ T1392] insert_work+0x36/0x230 [ 1317.805520][ T1392] __queue_work+0x97e/0x1160 [ 1317.810128][ T1392] __queue_delayed_work+0x35b/0x460 [ 1317.815355][ T1392] queue_delayed_work_on+0x1b5/0x200 [ 1317.820662][ T1392] gfs2_glock_queue_work+0x75/0x120 [ 1317.825890][ T1392] clear_glock+0xa7/0xe0 [ 1317.830160][ T1392] glock_hash_walk+0x12c/0x1c0 [ 1317.834947][ T1392] gfs2_gl_hash_clear+0x103/0x780 [ 1317.840004][ T1392] gfs2_fill_super+0x2524/0x2d30 [ 1317.844958][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1317.850094][ T1392] 
gfs2_get_tree+0x4e/0x280 [ 1317.854610][ T1392] vfs_get_tree+0x8e/0x340 [ 1317.859044][ T1392] path_mount+0x1482/0x1fd0 [ 1317.863551][ T1392] __x64_sys_mount+0x28d/0x310 [ 1317.868332][ T1392] do_syscall_64+0xcd/0x4c0 [ 1317.872880][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1317.878781][ T1392] [ 1317.881101][ T1392] The buggy address belongs to the object at ffff8880788d0fd8 [ 1317.881101][ T1392] which belongs to the cache gfs2_glock(aspace) of size 1224 [ 1317.895851][ T1392] The buggy address is located 968 bytes inside of [ 1317.895851][ T1392] freed 1224-byte region [ffff8880788d0fd8, ffff8880788d14a0) [ 1317.909747][ T1392] [ 1317.912066][ T1392] The buggy address belongs to the physical page: [ 1317.918470][ T1392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880788d0548 pfn:0x788d0 [ 1317.928571][ T1392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1317.937083][ T1392] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1317.944637][ T1392] page_type: f5(slab) [ 1317.948627][ T1392] raw: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1317.957226][ T1392] raw: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1317.965823][ T1392] head: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1317.974515][ T1392] head: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1317.983217][ T1392] head: 00fff00000000002 ffffea0001e23401 00000000ffffffff 00000000ffffffff [ 1317.991903][ T1392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1318.000574][ T1392] page dumped because: kasan: bad access detected [ 1318.006984][ T1392] page_owner tracks the page as allocated [ 1318.012693][ T1392] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31875, tgid 31874 (syz.6.10882), ts 1229886871877, free_ts 
1229839928771 [ 1318.033747][ T1392] post_alloc_hook+0x1c0/0x230 [ 1318.038537][ T1392] get_page_from_freelist+0x132b/0x38e0 [ 1318.044198][ T1392] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1318.050127][ T1392] alloc_pages_mpol+0x1fb/0x550 [ 1318.055017][ T1392] new_slab+0x247/0x330 [ 1318.059188][ T1392] ___slab_alloc+0xd1e/0x1780 [ 1318.063886][ T1392] __slab_alloc.constprop.0+0x56/0xb0 [ 1318.069280][ T1392] kmem_cache_alloc_noprof+0xef/0x3b0 [ 1318.074674][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1318.079463][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1318.084419][ T1392] gfs2_lookup_root+0x57/0x130 [ 1318.089198][ T1392] init_sb+0xae5/0x10d0 [ 1318.093365][ T1392] gfs2_fill_super+0x1967/0x2d30 [ 1318.098321][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1318.103457][ T1392] gfs2_get_tree+0x4e/0x280 [ 1318.107980][ T1392] vfs_get_tree+0x8e/0x340 [ 1318.112412][ T1392] page last free pid 5206 tgid 5206 stack trace: [ 1318.118731][ T1392] __free_frozen_pages+0x7d5/0x10f0 [ 1318.123946][ T1392] qlist_free_all+0x4d/0x120 [ 1318.128556][ T1392] kasan_quarantine_reduce+0x195/0x1e0 [ 1318.134033][ T1392] __kasan_slab_alloc+0x69/0x90 [ 1318.138911][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1318.144402][ T1392] flock_lock_inode+0xbe8/0x1030 [ 1318.149364][ T1392] locks_lock_inode_wait+0x1da/0x490 [ 1318.154671][ T1392] __do_sys_flock+0x446/0x520 [ 1318.159380][ T1392] do_syscall_64+0xcd/0x4c0 [ 1318.163920][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1318.169863][ T1392] [ 1318.172185][ T1392] Memory state around the buggy address: [ 1318.177819][ T1392] ffff8880788d1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1318.185900][ T1392] ffff8880788d1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1318.193969][ T1392] >ffff8880788d1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1318.202032][ T1392] ^ [ 1318.207140][ T1392] ffff8880788d1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1318.215212][ T1392] ffff8880788d1480: fb fb fb fb fc fc fc 
fc fc fc fc fc fc fc fc fc [ 1318.223622][ T1392] ================================================================== [ 1318.282130][ T1392] ================================================================== [ 1318.290236][ T1392] BUG: KASAN: slab-use-after-free in move_to_new_folio+0x3d3/0x400 [ 1318.298160][ T1392] Read of size 8 at addr ffff8880788d1398 by task syz.6.11608/1392 [ 1318.306074][ T1392] [ 1318.308415][ T1392] CPU: 1 UID: 0 PID: 1392 Comm: syz.6.11608 Tainted: G B 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1318.308483][ T1392] Tainted: [B]=BAD_PAGE [ 1318.308498][ T1392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1318.308524][ T1392] Call Trace: [ 1318.308537][ T1392] [ 1318.308551][ T1392] dump_stack_lvl+0x116/0x1f0 [ 1318.308613][ T1392] print_report+0xcd/0x630 [ 1318.308672][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.308721][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.308768][ T1392] ? __phys_addr+0xe8/0x180 [ 1318.308820][ T1392] ? move_to_new_folio+0x3d3/0x400 [ 1318.308859][ T1392] kasan_report+0xe0/0x110 [ 1318.308923][ T1392] ? move_to_new_folio+0x3d3/0x400 [ 1318.308969][ T1392] move_to_new_folio+0x3d3/0x400 [ 1318.309010][ T1392] migrate_pages_batch+0x1fab/0x3bd0 [ 1318.309075][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1318.309130][ T1392] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1318.309182][ T1392] migrate_pages_sync+0x12d/0x8a0 [ 1318.309227][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1318.309272][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1318.309317][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.309366][ T1392] ? __lock_acquire+0x622/0x1c90 [ 1318.309436][ T1392] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1318.309478][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.309535][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.309589][ T1392] migrate_pages+0x1b67/0x23b0 [ 1318.309633][ T1392] ? 
__pfx_compaction_alloc+0x10/0x10 [ 1318.309678][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1318.309730][ T1392] ? __pfx_migrate_pages+0x10/0x10 [ 1318.309777][ T1392] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1318.309829][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.309877][ T1392] ? pfn_to_online_page+0x1de/0x560 [ 1318.309936][ T1392] compact_zone+0x2018/0x4760 [ 1318.309989][ T1392] ? __free_object+0x270/0x400 [ 1318.310039][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.310095][ T1392] ? __pfx_debug_object_free+0x10/0x10 [ 1318.310152][ T1392] ? __pfx_compact_zone+0x10/0x10 [ 1318.310197][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.310247][ T1392] ? __flush_work+0x4d0/0xcc0 [ 1318.310297][ T1392] compact_node+0x1a4/0x2d0 [ 1318.310345][ T1392] ? __pfx_compact_node+0x10/0x10 [ 1318.310415][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.310472][ T1392] ? __lru_add_drain_all+0xe7/0x6f0 [ 1318.310536][ T1392] sysctl_compaction_handler+0x141/0x210 [ 1318.310589][ T1392] proc_sys_call_handler+0x440/0x570 [ 1318.310643][ T1392] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1318.310694][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.310742][ T1392] ? splice_from_pipe_next+0x1f8/0x5d0 [ 1318.310810][ T1392] iter_file_splice_write+0x91f/0x1150 [ 1318.310884][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.310935][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1318.311002][ T1392] ? __pfx_copy_splice_read+0x10/0x10 [ 1318.311071][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.311122][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1318.311185][ T1392] direct_splice_actor+0x192/0x6c0 [ 1318.311249][ T1392] splice_direct_to_actor+0x345/0xa30 [ 1318.311310][ T1392] ? __pfx_direct_splice_actor+0x10/0x10 [ 1318.311374][ T1392] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1318.311441][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.311492][ T1392] do_splice_direct+0x174/0x240 [ 1318.311549][ T1392] ? 
__pfx_do_splice_direct+0x10/0x10 [ 1318.311606][ T1392] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1318.311666][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.311713][ T1392] ? rw_verify_area+0xcf/0x6c0 [ 1318.311765][ T1392] do_sendfile+0xb06/0xe50 [ 1318.311823][ T1392] ? __pfx_do_sendfile+0x10/0x10 [ 1318.311886][ T1392] __x64_sys_sendfile64+0x154/0x220 [ 1318.311927][ T1392] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1318.311969][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1318.312023][ T1392] do_syscall_64+0xcd/0x4c0 [ 1318.312085][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1318.312124][ T1392] RIP: 0033:0x7f36c158eb69 [ 1318.312154][ T1392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1318.312193][ T1392] RSP: 002b:00007f36c23e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1318.312230][ T1392] RAX: ffffffffffffffda RBX: 00007f36c17b5fa0 RCX: 00007f36c158eb69 [ 1318.312259][ T1392] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1318.312285][ T1392] RBP: 00007f36c1611df1 R08: 0000000000000000 R09: 0000000000000000 [ 1318.312310][ T1392] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1318.312335][ T1392] R13: 0000000000000000 R14: 00007f36c17b5fa0 R15: 00007ffd6c00e3d8 [ 1318.312373][ T1392] [ 1318.312387][ T1392] [ 1318.770967][ T1392] Allocated by task 31875: [ 1318.775381][ T1392] kasan_save_stack+0x33/0x60 [ 1318.780094][ T1392] kasan_save_track+0x14/0x30 [ 1318.784794][ T1392] __kasan_slab_alloc+0x89/0x90 [ 1318.789670][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1318.795158][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1318.799950][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1318.804910][ T1392] gfs2_dir_search+0x22a/0x2e0 [ 1318.809692][ T1392] gfs2_lookupi+0x4b7/0x6e0 [ 1318.814220][ T1392] init_inodes+0x869/0x2eb0 [ 1318.818737][ T1392] 
gfs2_fill_super+0x1be2/0x2d30 [ 1318.823691][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1318.828829][ T1392] gfs2_get_tree+0x4e/0x280 [ 1318.833344][ T1392] vfs_get_tree+0x8e/0x340 [ 1318.837780][ T1392] path_mount+0x1482/0x1fd0 [ 1318.842287][ T1392] __x64_sys_mount+0x28d/0x310 [ 1318.847067][ T1392] do_syscall_64+0xcd/0x4c0 [ 1318.851596][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1318.857501][ T1392] [ 1318.859817][ T1392] Freed by task 23: [ 1318.863614][ T1392] kasan_save_stack+0x33/0x60 [ 1318.868319][ T1392] kasan_save_track+0x14/0x30 [ 1318.873016][ T1392] kasan_save_free_info+0x3b/0x60 [ 1318.878060][ T1392] __kasan_slab_free+0x51/0x70 [ 1318.882850][ T1392] kmem_cache_free+0x2d1/0x4d0 [ 1318.887637][ T1392] gfs2_glock_dealloc+0xd0/0x150 [ 1318.892598][ T1392] rcu_core+0x79c/0x1530 [ 1318.896854][ T1392] handle_softirqs+0x219/0x8e0 [ 1318.901635][ T1392] run_ksoftirqd+0x3a/0x60 [ 1318.906072][ T1392] smpboot_thread_fn+0x3f7/0xae0 [ 1318.911034][ T1392] kthread+0x3c5/0x780 [ 1318.915105][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1318.919699][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1318.924480][ T1392] [ 1318.926795][ T1392] Last potentially related work creation: [ 1318.932500][ T1392] kasan_save_stack+0x33/0x60 [ 1318.937202][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1318.942417][ T1392] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1318.948319][ T1392] gfs2_glock_free+0x35/0x90 [ 1318.952930][ T1392] glock_work_func+0x396/0x4d0 [ 1318.957707][ T1392] process_one_work+0x9cf/0x1b70 [ 1318.962662][ T1392] worker_thread+0x6c8/0xf10 [ 1318.967261][ T1392] kthread+0x3c5/0x780 [ 1318.971332][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1318.975927][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1318.980705][ T1392] [ 1318.983024][ T1392] Second to last potentially related work creation: [ 1318.989597][ T1392] kasan_save_stack+0x33/0x60 [ 1318.994302][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1318.999531][ T1392] insert_work+0x36/0x230 [ 1319.003907][ T1392] 
__queue_work+0x97e/0x1160 [ 1319.008506][ T1392] __queue_delayed_work+0x35b/0x460 [ 1319.013719][ T1392] queue_delayed_work_on+0x1b5/0x200 [ 1319.019021][ T1392] gfs2_glock_queue_work+0x75/0x120 [ 1319.024255][ T1392] clear_glock+0xa7/0xe0 [ 1319.028535][ T1392] glock_hash_walk+0x12c/0x1c0 [ 1319.033321][ T1392] gfs2_gl_hash_clear+0x103/0x780 [ 1319.038375][ T1392] gfs2_fill_super+0x2524/0x2d30 [ 1319.043335][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1319.048470][ T1392] gfs2_get_tree+0x4e/0x280 [ 1319.052986][ T1392] vfs_get_tree+0x8e/0x340 [ 1319.057424][ T1392] path_mount+0x1482/0x1fd0 [ 1319.061933][ T1392] __x64_sys_mount+0x28d/0x310 [ 1319.066702][ T1392] do_syscall_64+0xcd/0x4c0 [ 1319.071232][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1319.077130][ T1392] [ 1319.079442][ T1392] The buggy address belongs to the object at ffff8880788d0fd8 [ 1319.079442][ T1392] which belongs to the cache gfs2_glock(aspace) of size 1224 [ 1319.094191][ T1392] The buggy address is located 960 bytes inside of [ 1319.094191][ T1392] freed 1224-byte region [ffff8880788d0fd8, ffff8880788d14a0) [ 1319.108080][ T1392] [ 1319.110394][ T1392] The buggy address belongs to the physical page: [ 1319.116795][ T1392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880788d0548 pfn:0x788d0 [ 1319.126859][ T1392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1319.135355][ T1392] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1319.142899][ T1392] page_type: f5(slab) [ 1319.146884][ T1392] raw: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1319.155479][ T1392] raw: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1319.164070][ T1392] head: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1319.172748][ T1392] head: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1319.181425][ T1392] head: 00fff00000000002 ffffea0001e23401 00000000ffffffff 
00000000ffffffff [ 1319.190100][ T1392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1319.198766][ T1392] page dumped because: kasan: bad access detected [ 1319.205171][ T1392] page_owner tracks the page as allocated [ 1319.210877][ T1392] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31875, tgid 31874 (syz.6.10882), ts 1229886871877, free_ts 1229839928771 [ 1319.231918][ T1392] post_alloc_hook+0x1c0/0x230 [ 1319.236736][ T1392] get_page_from_freelist+0x132b/0x38e0 [ 1319.242309][ T1392] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1319.248227][ T1392] alloc_pages_mpol+0x1fb/0x550 [ 1319.253104][ T1392] new_slab+0x247/0x330 [ 1319.257273][ T1392] ___slab_alloc+0xd1e/0x1780 [ 1319.261963][ T1392] __slab_alloc.constprop.0+0x56/0xb0 [ 1319.267357][ T1392] kmem_cache_alloc_noprof+0xef/0x3b0 [ 1319.272763][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1319.277549][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1319.282503][ T1392] gfs2_lookup_root+0x57/0x130 [ 1319.287280][ T1392] init_sb+0xae5/0x10d0 [ 1319.291448][ T1392] gfs2_fill_super+0x1967/0x2d30 [ 1319.296399][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1319.301535][ T1392] gfs2_get_tree+0x4e/0x280 [ 1319.306047][ T1392] vfs_get_tree+0x8e/0x340 [ 1319.310476][ T1392] page last free pid 5206 tgid 5206 stack trace: [ 1319.316792][ T1392] __free_frozen_pages+0x7d5/0x10f0 [ 1319.322003][ T1392] qlist_free_all+0x4d/0x120 [ 1319.326701][ T1392] kasan_quarantine_reduce+0x195/0x1e0 [ 1319.332209][ T1392] __kasan_slab_alloc+0x69/0x90 [ 1319.337105][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1319.342597][ T1392] flock_lock_inode+0xbe8/0x1030 [ 1319.347574][ T1392] locks_lock_inode_wait+0x1da/0x490 [ 1319.352897][ T1392] __do_sys_flock+0x446/0x520 [ 1319.357601][ T1392] do_syscall_64+0xcd/0x4c0 [ 1319.362133][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1319.368046][ T1392] [ 1319.370366][ T1392] Memory 
state around the buggy address: [ 1319.375995][ T1392] ffff8880788d1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1319.384061][ T1392] ffff8880788d1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1319.392132][ T1392] >ffff8880788d1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1319.400193][ T1392] ^ [ 1319.405037][ T1392] ffff8880788d1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1319.413101][ T1392] ffff8880788d1480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 1319.421157][ T1392] ================================================================== [ 1319.445070][ T1392] ================================================================== [ 1319.453165][ T1392] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 [ 1319.460988][ T1392] Read of size 4 at addr ffff8880788d13b4 by task syz.6.11608/1392 [ 1319.468880][ T1392] [ 1319.471209][ T1392] CPU: 0 UID: 0 PID: 1392 Comm: syz.6.11608 Tainted: G B 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1319.471271][ T1392] Tainted: [B]=BAD_PAGE [ 1319.471284][ T1392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1319.471306][ T1392] Call Trace: [ 1319.471318][ T1392] [ 1319.471331][ T1392] dump_stack_lvl+0x116/0x1f0 [ 1319.471388][ T1392] print_report+0xcd/0x630 [ 1319.471444][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.471488][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.471531][ T1392] ? __phys_addr+0xe8/0x180 [ 1319.471579][ T1392] ? do_raw_spin_lock+0x26f/0x2b0 [ 1319.471615][ T1392] kasan_report+0xe0/0x110 [ 1319.471671][ T1392] ? do_raw_spin_lock+0x26f/0x2b0 [ 1319.471714][ T1392] do_raw_spin_lock+0x26f/0x2b0 [ 1319.471748][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.471793][ T1392] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1319.471828][ T1392] ? add_taint+0x5f/0xd0 [ 1319.471881][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.471924][ T1392] ? 
const_folio_flags+0x5b/0x100 [ 1319.471986][ T1392] __buffer_migrate_folio+0x40b/0x6d0 [ 1319.472032][ T1392] ? __pfx_buffer_migrate_folio_norefs+0x10/0x10 [ 1319.472073][ T1392] move_to_new_folio+0x19f/0x400 [ 1319.472113][ T1392] migrate_pages_batch+0x1fab/0x3bd0 [ 1319.472166][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1319.472222][ T1392] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1319.472274][ T1392] migrate_pages_sync+0x12d/0x8a0 [ 1319.472317][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1319.472360][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1319.472405][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.472453][ T1392] ? __lock_acquire+0x622/0x1c90 [ 1319.472514][ T1392] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1319.472554][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.472608][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.472660][ T1392] migrate_pages+0x1b67/0x23b0 [ 1319.472702][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1319.472741][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1319.472786][ T1392] ? __pfx_migrate_pages+0x10/0x10 [ 1319.472828][ T1392] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1319.472873][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.472916][ T1392] ? pfn_to_online_page+0x1de/0x560 [ 1319.472967][ T1392] compact_zone+0x2018/0x4760 [ 1319.473015][ T1392] ? __free_object+0x270/0x400 [ 1319.473059][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.473108][ T1392] ? __pfx_debug_object_free+0x10/0x10 [ 1319.473164][ T1392] ? __pfx_compact_zone+0x10/0x10 [ 1319.473205][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.473250][ T1392] ? __flush_work+0x4d0/0xcc0 [ 1319.473294][ T1392] compact_node+0x1a4/0x2d0 [ 1319.473335][ T1392] ? __pfx_compact_node+0x10/0x10 [ 1319.473398][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.473441][ T1392] ? 
__lru_add_drain_all+0xe7/0x6f0 [ 1319.473499][ T1392] sysctl_compaction_handler+0x141/0x210 [ 1319.473546][ T1392] proc_sys_call_handler+0x440/0x570 [ 1319.473594][ T1392] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1319.473639][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.473682][ T1392] ? splice_from_pipe_next+0x1f8/0x5d0 [ 1319.473742][ T1392] iter_file_splice_write+0x91f/0x1150 [ 1319.473807][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.473852][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1319.473912][ T1392] ? __pfx_copy_splice_read+0x10/0x10 [ 1319.473973][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.474018][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1319.474075][ T1392] direct_splice_actor+0x192/0x6c0 [ 1319.474131][ T1392] splice_direct_to_actor+0x345/0xa30 [ 1319.474189][ T1392] ? __pfx_direct_splice_actor+0x10/0x10 [ 1319.474247][ T1392] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1319.474303][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.474350][ T1392] do_splice_direct+0x174/0x240 [ 1319.474402][ T1392] ? __pfx_do_splice_direct+0x10/0x10 [ 1319.474455][ T1392] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1319.474510][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1319.474553][ T1392] ? rw_verify_area+0xcf/0x6c0 [ 1319.474601][ T1392] do_sendfile+0xb06/0xe50 [ 1319.474653][ T1392] ? __pfx_do_sendfile+0x10/0x10 [ 1319.474710][ T1392] __x64_sys_sendfile64+0x154/0x220 [ 1319.474746][ T1392] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1319.474784][ T1392] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1319.474832][ T1392] do_syscall_64+0xcd/0x4c0 [ 1319.474890][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1319.474926][ T1392] RIP: 0033:0x7f36c158eb69 [ 1319.474953][ T1392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1319.474989][ T1392] RSP: 002b:00007f36c23e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1319.475022][ T1392] RAX: ffffffffffffffda RBX: 00007f36c17b5fa0 RCX: 00007f36c158eb69 [ 1319.475046][ T1392] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1319.475069][ T1392] RBP: 00007f36c1611df1 R08: 0000000000000000 R09: 0000000000000000 [ 1319.475092][ T1392] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1319.475114][ T1392] R13: 0000000000000000 R14: 00007f36c17b5fa0 R15: 00007ffd6c00e3d8 [ 1319.475149][ T1392] [ 1319.475165][ T1392] [ 1319.975959][ T1392] Allocated by task 31875: [ 1319.980391][ T1392] kasan_save_stack+0x33/0x60 [ 1319.985099][ T1392] kasan_save_track+0x14/0x30 [ 1319.989807][ T1392] __kasan_slab_alloc+0x89/0x90 [ 1319.994682][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1320.000167][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1320.004956][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1320.009916][ T1392] gfs2_dir_search+0x22a/0x2e0 [ 1320.014697][ T1392] gfs2_lookupi+0x4b7/0x6e0 [ 1320.019220][ T1392] init_inodes+0x869/0x2eb0 [ 1320.023735][ T1392] gfs2_fill_super+0x1be2/0x2d30 [ 1320.028687][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1320.033822][ T1392] gfs2_get_tree+0x4e/0x280 [ 1320.038346][ T1392] vfs_get_tree+0x8e/0x340 [ 1320.042780][ T1392] path_mount+0x1482/0x1fd0 [ 1320.047289][ T1392] __x64_sys_mount+0x28d/0x310 [ 1320.052059][ T1392] do_syscall_64+0xcd/0x4c0 [ 1320.056587][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1320.062486][ T1392] [ 1320.064799][ T1392] Freed by task 23: [ 
1320.068593][ T1392] kasan_save_stack+0x33/0x60 [ 1320.073292][ T1392] kasan_save_track+0x14/0x30 [ 1320.077990][ T1392] kasan_save_free_info+0x3b/0x60 [ 1320.083026][ T1392] __kasan_slab_free+0x51/0x70 [ 1320.087814][ T1392] kmem_cache_free+0x2d1/0x4d0 [ 1320.092594][ T1392] gfs2_glock_dealloc+0xd0/0x150 [ 1320.097545][ T1392] rcu_core+0x79c/0x1530 [ 1320.101793][ T1392] handle_softirqs+0x219/0x8e0 [ 1320.106585][ T1392] run_ksoftirqd+0x3a/0x60 [ 1320.111011][ T1392] smpboot_thread_fn+0x3f7/0xae0 [ 1320.115966][ T1392] kthread+0x3c5/0x780 [ 1320.120041][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1320.124640][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1320.129423][ T1392] [ 1320.131738][ T1392] Last potentially related work creation: [ 1320.137442][ T1392] kasan_save_stack+0x33/0x60 [ 1320.142146][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1320.147371][ T1392] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1320.153275][ T1392] gfs2_glock_free+0x35/0x90 [ 1320.157888][ T1392] glock_work_func+0x396/0x4d0 [ 1320.162655][ T1392] process_one_work+0x9cf/0x1b70 [ 1320.167604][ T1392] worker_thread+0x6c8/0xf10 [ 1320.172198][ T1392] kthread+0x3c5/0x780 [ 1320.176268][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1320.180858][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1320.185634][ T1392] [ 1320.187948][ T1392] Second to last potentially related work creation: [ 1320.194519][ T1392] kasan_save_stack+0x33/0x60 [ 1320.199221][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1320.204431][ T1392] insert_work+0x36/0x230 [ 1320.208763][ T1392] __queue_work+0x97e/0x1160 [ 1320.213358][ T1392] __queue_delayed_work+0x35b/0x460 [ 1320.218565][ T1392] queue_delayed_work_on+0x1b5/0x200 [ 1320.223860][ T1392] gfs2_glock_queue_work+0x75/0x120 [ 1320.229094][ T1392] clear_glock+0xa7/0xe0 [ 1320.233376][ T1392] glock_hash_walk+0x12c/0x1c0 [ 1320.238163][ T1392] gfs2_gl_hash_clear+0x103/0x780 [ 1320.243220][ T1392] gfs2_fill_super+0x2524/0x2d30 [ 1320.248176][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1320.253311][ T1392] 
gfs2_get_tree+0x4e/0x280 [ 1320.257828][ T1392] vfs_get_tree+0x8e/0x340 [ 1320.262257][ T1392] path_mount+0x1482/0x1fd0 [ 1320.266769][ T1392] __x64_sys_mount+0x28d/0x310 [ 1320.271536][ T1392] do_syscall_64+0xcd/0x4c0 [ 1320.276064][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1320.281969][ T1392] [ 1320.284292][ T1392] The buggy address belongs to the object at ffff8880788d0fd8 [ 1320.284292][ T1392] which belongs to the cache gfs2_glock(aspace) of size 1224 [ 1320.299056][ T1392] The buggy address is located 988 bytes inside of [ 1320.299056][ T1392] freed 1224-byte region [ffff8880788d0fd8, ffff8880788d14a0) [ 1320.312960][ T1392] [ 1320.315284][ T1392] The buggy address belongs to the physical page: [ 1320.321684][ T1392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880788d0548 pfn:0x788d0 [ 1320.331754][ T1392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1320.340260][ T1392] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1320.347810][ T1392] page_type: f5(slab) [ 1320.351796][ T1392] raw: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1320.360393][ T1392] raw: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1320.368990][ T1392] head: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1320.377686][ T1392] head: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1320.386368][ T1392] head: 00fff00000000002 ffffea0001e23401 00000000ffffffff 00000000ffffffff [ 1320.395057][ T1392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1320.403728][ T1392] page dumped because: kasan: bad access detected [ 1320.410137][ T1392] page_owner tracks the page as allocated [ 1320.415846][ T1392] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31875, tgid 31874 (syz.6.10882), ts 1229886871877, free_ts 
1229839928771 [ 1320.436891][ T1392] post_alloc_hook+0x1c0/0x230 [ 1320.441686][ T1392] get_page_from_freelist+0x132b/0x38e0 [ 1320.447264][ T1392] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1320.453222][ T1392] alloc_pages_mpol+0x1fb/0x550 [ 1320.458103][ T1392] new_slab+0x247/0x330 [ 1320.462277][ T1392] ___slab_alloc+0xd1e/0x1780 [ 1320.466967][ T1392] __slab_alloc.constprop.0+0x56/0xb0 [ 1320.472356][ T1392] kmem_cache_alloc_noprof+0xef/0x3b0 [ 1320.477752][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1320.482540][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1320.487496][ T1392] gfs2_lookup_root+0x57/0x130 [ 1320.492274][ T1392] init_sb+0xae5/0x10d0 [ 1320.496454][ T1392] gfs2_fill_super+0x1967/0x2d30 [ 1320.501410][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1320.506546][ T1392] gfs2_get_tree+0x4e/0x280 [ 1320.511060][ T1392] vfs_get_tree+0x8e/0x340 [ 1320.515490][ T1392] page last free pid 5206 tgid 5206 stack trace: [ 1320.521814][ T1392] __free_frozen_pages+0x7d5/0x10f0 [ 1320.527030][ T1392] qlist_free_all+0x4d/0x120 [ 1320.531638][ T1392] kasan_quarantine_reduce+0x195/0x1e0 [ 1320.537117][ T1392] __kasan_slab_alloc+0x69/0x90 [ 1320.541997][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1320.547480][ T1392] flock_lock_inode+0xbe8/0x1030 [ 1320.552442][ T1392] locks_lock_inode_wait+0x1da/0x490 [ 1320.557751][ T1392] __do_sys_flock+0x446/0x520 [ 1320.562452][ T1392] do_syscall_64+0xcd/0x4c0 [ 1320.566980][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1320.572881][ T1392] [ 1320.575196][ T1392] Memory state around the buggy address: [ 1320.580820][ T1392] ffff8880788d1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1320.588912][ T1392] ffff8880788d1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1320.596975][ T1392] >ffff8880788d1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1320.605034][ T1392] ^ [ 1320.610668][ T1392] ffff8880788d1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1320.618727][ T1392] ffff8880788d1480: fb fb fb fb fc fc fc 
fc fc fc fc fc fc fc fc fc [ 1320.626787][ T1392] ================================================================== [ 1320.637145][ T1392] ================================================================== [ 1320.645233][ T1392] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x27f/0x2b0 [ 1320.653073][ T1392] Read of size 8 at addr ffff8880788d13c0 by task syz.6.11608/1392 [ 1320.660979][ T1392] [ 1320.663317][ T1392] CPU: 0 UID: 0 PID: 1392 Comm: syz.6.11608 Tainted: G B 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1320.663376][ T1392] Tainted: [B]=BAD_PAGE [ 1320.663390][ T1392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1320.663413][ T1392] Call Trace: [ 1320.663426][ T1392] [ 1320.663440][ T1392] dump_stack_lvl+0x116/0x1f0 [ 1320.663499][ T1392] print_report+0xcd/0x630 [ 1320.663556][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.663601][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.663646][ T1392] ? __phys_addr+0xe8/0x180 [ 1320.663696][ T1392] ? do_raw_spin_lock+0x27f/0x2b0 [ 1320.663734][ T1392] kasan_report+0xe0/0x110 [ 1320.663792][ T1392] ? do_raw_spin_lock+0x27f/0x2b0 [ 1320.663835][ T1392] do_raw_spin_lock+0x27f/0x2b0 [ 1320.663871][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.663916][ T1392] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1320.663954][ T1392] ? add_taint+0x5f/0xd0 [ 1320.664009][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.664055][ T1392] ? const_folio_flags+0x5b/0x100 [ 1320.664120][ T1392] __buffer_migrate_folio+0x40b/0x6d0 [ 1320.664170][ T1392] ? __pfx_buffer_migrate_folio_norefs+0x10/0x10 [ 1320.664209][ T1392] move_to_new_folio+0x19f/0x400 [ 1320.664249][ T1392] migrate_pages_batch+0x1fab/0x3bd0 [ 1320.664292][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1320.664343][ T1392] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1320.664393][ T1392] migrate_pages_sync+0x12d/0x8a0 [ 1320.664434][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1320.664475][ T1392] ? 
__pfx_compaction_free+0x10/0x10 [ 1320.664517][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.664563][ T1392] ? __lock_acquire+0x622/0x1c90 [ 1320.664622][ T1392] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1320.664660][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.664713][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.664763][ T1392] migrate_pages+0x1b67/0x23b0 [ 1320.664805][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1320.664845][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1320.664893][ T1392] ? __pfx_migrate_pages+0x10/0x10 [ 1320.664938][ T1392] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1320.664986][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.665032][ T1392] ? pfn_to_online_page+0x1de/0x560 [ 1320.665085][ T1392] compact_zone+0x2018/0x4760 [ 1320.665134][ T1392] ? __free_object+0x270/0x400 [ 1320.665186][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.665237][ T1392] ? __pfx_debug_object_free+0x10/0x10 [ 1320.665291][ T1392] ? __pfx_compact_zone+0x10/0x10 [ 1320.665333][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.665381][ T1392] ? __flush_work+0x4d0/0xcc0 [ 1320.665428][ T1392] compact_node+0x1a4/0x2d0 [ 1320.665471][ T1392] ? __pfx_compact_node+0x10/0x10 [ 1320.665537][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.665581][ T1392] ? __lru_add_drain_all+0xe7/0x6f0 [ 1320.665640][ T1392] sysctl_compaction_handler+0x141/0x210 [ 1320.665689][ T1392] proc_sys_call_handler+0x440/0x570 [ 1320.665738][ T1392] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1320.665785][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.665829][ T1392] ? splice_from_pipe_next+0x1f8/0x5d0 [ 1320.665891][ T1392] iter_file_splice_write+0x91f/0x1150 [ 1320.665960][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.666006][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1320.666068][ T1392] ? __pfx_copy_splice_read+0x10/0x10 [ 1320.666132][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.666182][ T1392] ? 
__pfx_iter_file_splice_write+0x10/0x10 [ 1320.666241][ T1392] direct_splice_actor+0x192/0x6c0 [ 1320.666299][ T1392] splice_direct_to_actor+0x345/0xa30 [ 1320.666356][ T1392] ? __pfx_direct_splice_actor+0x10/0x10 [ 1320.666416][ T1392] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1320.666474][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.666522][ T1392] do_splice_direct+0x174/0x240 [ 1320.666576][ T1392] ? __pfx_do_splice_direct+0x10/0x10 [ 1320.666632][ T1392] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1320.666688][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.666732][ T1392] ? rw_verify_area+0xcf/0x6c0 [ 1320.666782][ T1392] do_sendfile+0xb06/0xe50 [ 1320.666835][ T1392] ? __pfx_do_sendfile+0x10/0x10 [ 1320.666895][ T1392] __x64_sys_sendfile64+0x154/0x220 [ 1320.666933][ T1392] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1320.666972][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1320.667023][ T1392] do_syscall_64+0xcd/0x4c0 [ 1320.667082][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1320.667119][ T1392] RIP: 0033:0x7f36c158eb69 [ 1320.667147][ T1392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1320.667189][ T1392] RSP: 002b:00007f36c23e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1320.667223][ T1392] RAX: ffffffffffffffda RBX: 00007f36c17b5fa0 RCX: 00007f36c158eb69 [ 1320.667248][ T1392] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1320.667271][ T1392] RBP: 00007f36c1611df1 R08: 0000000000000000 R09: 0000000000000000 [ 1320.667295][ T1392] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1320.667319][ T1392] R13: 0000000000000000 R14: 00007f36c17b5fa0 R15: 00007ffd6c00e3d8 [ 1320.667355][ T1392] [ 1320.667368][ T1392] [ 1321.167952][ T1392] Allocated by task 31875: [ 1321.172367][ T1392] kasan_save_stack+0x33/0x60 [ 1321.177081][ T1392] 
kasan_save_track+0x14/0x30 [ 1321.181795][ T1392] __kasan_slab_alloc+0x89/0x90 [ 1321.186676][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1321.192167][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1321.196959][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1321.201916][ T1392] gfs2_dir_search+0x22a/0x2e0 [ 1321.206702][ T1392] gfs2_lookupi+0x4b7/0x6e0 [ 1321.211250][ T1392] init_inodes+0x869/0x2eb0 [ 1321.215771][ T1392] gfs2_fill_super+0x1be2/0x2d30 [ 1321.220730][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1321.225869][ T1392] gfs2_get_tree+0x4e/0x280 [ 1321.230390][ T1392] vfs_get_tree+0x8e/0x340 [ 1321.234824][ T1392] path_mount+0x1482/0x1fd0 [ 1321.239335][ T1392] __x64_sys_mount+0x28d/0x310 [ 1321.244106][ T1392] do_syscall_64+0xcd/0x4c0 [ 1321.248636][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1321.254537][ T1392] [ 1321.256852][ T1392] Freed by task 23: [ 1321.260648][ T1392] kasan_save_stack+0x33/0x60 [ 1321.265348][ T1392] kasan_save_track+0x14/0x30 [ 1321.270052][ T1392] kasan_save_free_info+0x3b/0x60 [ 1321.275093][ T1392] __kasan_slab_free+0x51/0x70 [ 1321.279892][ T1392] kmem_cache_free+0x2d1/0x4d0 [ 1321.284676][ T1392] gfs2_glock_dealloc+0xd0/0x150 [ 1321.289661][ T1392] rcu_core+0x79c/0x1530 [ 1321.293916][ T1392] handle_softirqs+0x219/0x8e0 [ 1321.298698][ T1392] run_ksoftirqd+0x3a/0x60 [ 1321.303131][ T1392] smpboot_thread_fn+0x3f7/0xae0 [ 1321.308094][ T1392] kthread+0x3c5/0x780 [ 1321.312170][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1321.316779][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1321.321557][ T1392] [ 1321.323874][ T1392] Last potentially related work creation: [ 1321.329583][ T1392] kasan_save_stack+0x33/0x60 [ 1321.334289][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1321.339503][ T1392] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1321.345416][ T1392] gfs2_glock_free+0x35/0x90 [ 1321.350030][ T1392] glock_work_func+0x396/0x4d0 [ 1321.354799][ T1392] process_one_work+0x9cf/0x1b70 [ 1321.359745][ T1392] worker_thread+0x6c8/0xf10 [ 1321.364343][ T1392] 
kthread+0x3c5/0x780 [ 1321.368420][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1321.373013][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1321.377800][ T1392] [ 1321.380117][ T1392] Second to last potentially related work creation: [ 1321.386689][ T1392] kasan_save_stack+0x33/0x60 [ 1321.391390][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1321.396600][ T1392] insert_work+0x36/0x230 [ 1321.400984][ T1392] __queue_work+0x97e/0x1160 [ 1321.405591][ T1392] __queue_delayed_work+0x35b/0x460 [ 1321.410813][ T1392] queue_delayed_work_on+0x1b5/0x200 [ 1321.416119][ T1392] gfs2_glock_queue_work+0x75/0x120 [ 1321.421350][ T1392] clear_glock+0xa7/0xe0 [ 1321.425623][ T1392] glock_hash_walk+0x12c/0x1c0 [ 1321.430409][ T1392] gfs2_gl_hash_clear+0x103/0x780 [ 1321.435466][ T1392] gfs2_fill_super+0x2524/0x2d30 [ 1321.440420][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1321.445558][ T1392] gfs2_get_tree+0x4e/0x280 [ 1321.450077][ T1392] vfs_get_tree+0x8e/0x340 [ 1321.454508][ T1392] path_mount+0x1482/0x1fd0 [ 1321.459019][ T1392] __x64_sys_mount+0x28d/0x310 [ 1321.463791][ T1392] do_syscall_64+0xcd/0x4c0 [ 1321.468322][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1321.474224][ T1392] [ 1321.476540][ T1392] The buggy address belongs to the object at ffff8880788d0fd8 [ 1321.476540][ T1392] which belongs to the cache gfs2_glock(aspace) of size 1224 [ 1321.491296][ T1392] The buggy address is located 1000 bytes inside of [ 1321.491296][ T1392] freed 1224-byte region [ffff8880788d0fd8, ffff8880788d14a0) [ 1321.505281][ T1392] [ 1321.507601][ T1392] The buggy address belongs to the physical page: [ 1321.514006][ T1392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880788d0548 pfn:0x788d0 [ 1321.524081][ T1392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1321.532587][ T1392] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1321.540144][ T1392] page_type: f5(slab) [ 1321.544138][ T1392] raw: 00fff00000000040 ffff888146ef3b40 
dead000000000122 0000000000000000 [ 1321.552734][ T1392] raw: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1321.561337][ T1392] head: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1321.570025][ T1392] head: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1321.578711][ T1392] head: 00fff00000000002 ffffea0001e23401 00000000ffffffff 00000000ffffffff [ 1321.587394][ T1392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1321.596070][ T1392] page dumped because: kasan: bad access detected [ 1321.602480][ T1392] page_owner tracks the page as allocated [ 1321.608188][ T1392] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31875, tgid 31874 (syz.6.10882), ts 1229886871877, free_ts 1229839928771 [ 1321.629234][ T1392] post_alloc_hook+0x1c0/0x230 [ 1321.634036][ T1392] get_page_from_freelist+0x132b/0x38e0 [ 1321.639612][ T1392] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1321.645535][ T1392] alloc_pages_mpol+0x1fb/0x550 [ 1321.650423][ T1392] new_slab+0x247/0x330 [ 1321.654595][ T1392] ___slab_alloc+0xd1e/0x1780 [ 1321.660078][ T1392] __slab_alloc.constprop.0+0x56/0xb0 [ 1321.665477][ T1392] kmem_cache_alloc_noprof+0xef/0x3b0 [ 1321.670889][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1321.675692][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1321.680659][ T1392] gfs2_lookup_root+0x57/0x130 [ 1321.685441][ T1392] init_sb+0xae5/0x10d0 [ 1321.689619][ T1392] gfs2_fill_super+0x1967/0x2d30 [ 1321.694581][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1321.699723][ T1392] gfs2_get_tree+0x4e/0x280 [ 1321.704244][ T1392] vfs_get_tree+0x8e/0x340 [ 1321.708680][ T1392] page last free pid 5206 tgid 5206 stack trace: [ 1321.715001][ T1392] __free_frozen_pages+0x7d5/0x10f0 [ 1321.720222][ T1392] qlist_free_all+0x4d/0x120 [ 1321.724834][ T1392] kasan_quarantine_reduce+0x195/0x1e0 [ 1321.730319][ T1392] 
__kasan_slab_alloc+0x69/0x90 [ 1321.735197][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1321.740682][ T1392] flock_lock_inode+0xbe8/0x1030 [ 1321.745641][ T1392] locks_lock_inode_wait+0x1da/0x490 [ 1321.750951][ T1392] __do_sys_flock+0x446/0x520 [ 1321.755651][ T1392] do_syscall_64+0xcd/0x4c0 [ 1321.760184][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1321.766088][ T1392] [ 1321.768408][ T1392] Memory state around the buggy address: [ 1321.774035][ T1392] ffff8880788d1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1321.782104][ T1392] ffff8880788d1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1321.790178][ T1392] >ffff8880788d1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1321.798242][ T1392] ^ [ 1321.804405][ T1392] ffff8880788d1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1321.812480][ T1392] ffff8880788d1480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 1321.820541][ T1392] ================================================================== [ 1321.829537][ T1392] ================================================================== [ 1321.837630][ T1392] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x265/0x2b0 [ 1321.845478][ T1392] Read of size 4 at addr ffff8880788d13b8 by task syz.6.11608/1392 [ 1321.853401][ T1392] [ 1321.855774][ T1392] CPU: 0 UID: 0 PID: 1392 Comm: syz.6.11608 Tainted: G B 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1321.855837][ T1392] Tainted: [B]=BAD_PAGE [ 1321.855852][ T1392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1321.855877][ T1392] Call Trace: [ 1321.855890][ T1392] [ 1321.855905][ T1392] dump_stack_lvl+0x116/0x1f0 [ 1321.855970][ T1392] print_report+0xcd/0x630 [ 1321.856032][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.856082][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.856129][ T1392] ? __phys_addr+0xe8/0x180 [ 1321.856182][ T1392] ? 
do_raw_spin_lock+0x265/0x2b0 [ 1321.856224][ T1392] kasan_report+0xe0/0x110 [ 1321.856285][ T1392] ? do_raw_spin_lock+0x265/0x2b0 [ 1321.856331][ T1392] do_raw_spin_lock+0x265/0x2b0 [ 1321.856371][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.856430][ T1392] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1321.856470][ T1392] ? add_taint+0x5f/0xd0 [ 1321.856530][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.856577][ T1392] ? const_folio_flags+0x5b/0x100 [ 1321.856647][ T1392] __buffer_migrate_folio+0x40b/0x6d0 [ 1321.856693][ T1392] ? __pfx_buffer_migrate_folio_norefs+0x10/0x10 [ 1321.856735][ T1392] move_to_new_folio+0x19f/0x400 [ 1321.856777][ T1392] migrate_pages_batch+0x1fab/0x3bd0 [ 1321.856822][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1321.856877][ T1392] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1321.856928][ T1392] migrate_pages_sync+0x12d/0x8a0 [ 1321.856971][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1321.857014][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1321.857058][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.857106][ T1392] ? __lock_acquire+0x622/0x1c90 [ 1321.857166][ T1392] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1321.857208][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.857263][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.857315][ T1392] migrate_pages+0x1b67/0x23b0 [ 1321.857359][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1321.857410][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1321.857460][ T1392] ? __pfx_migrate_pages+0x10/0x10 [ 1321.857506][ T1392] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1321.857553][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.857600][ T1392] ? pfn_to_online_page+0x1de/0x560 [ 1321.857659][ T1392] compact_zone+0x2018/0x4760 [ 1321.857711][ T1392] ? __free_object+0x270/0x400 [ 1321.857759][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.857814][ T1392] ? __pfx_debug_object_free+0x10/0x10 [ 1321.857870][ T1392] ? __pfx_compact_zone+0x10/0x10 [ 1321.857915][ T1392] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1321.857965][ T1392] ? __flush_work+0x4d0/0xcc0 [ 1321.858013][ T1392] compact_node+0x1a4/0x2d0 [ 1321.858057][ T1392] ? __pfx_compact_node+0x10/0x10 [ 1321.858124][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.858171][ T1392] ? __lru_add_drain_all+0xe7/0x6f0 [ 1321.858234][ T1392] sysctl_compaction_handler+0x141/0x210 [ 1321.858286][ T1392] proc_sys_call_handler+0x440/0x570 [ 1321.858338][ T1392] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1321.858387][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.858445][ T1392] ? splice_from_pipe_next+0x1f8/0x5d0 [ 1321.858511][ T1392] iter_file_splice_write+0x91f/0x1150 [ 1321.858583][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.858632][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1321.858697][ T1392] ? __pfx_copy_splice_read+0x10/0x10 [ 1321.858765][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.858814][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1321.858876][ T1392] direct_splice_actor+0x192/0x6c0 [ 1321.858937][ T1392] splice_direct_to_actor+0x345/0xa30 [ 1321.858997][ T1392] ? __pfx_direct_splice_actor+0x10/0x10 [ 1321.859060][ T1392] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1321.859121][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.859172][ T1392] do_splice_direct+0x174/0x240 [ 1321.859229][ T1392] ? __pfx_do_splice_direct+0x10/0x10 [ 1321.859286][ T1392] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1321.859344][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1321.859392][ T1392] ? rw_verify_area+0xcf/0x6c0 [ 1321.859453][ T1392] do_sendfile+0xb06/0xe50 [ 1321.859511][ T1392] ? __pfx_do_sendfile+0x10/0x10 [ 1321.859573][ T1392] __x64_sys_sendfile64+0x154/0x220 [ 1321.859614][ T1392] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1321.859655][ T1392] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1321.859708][ T1392] do_syscall_64+0xcd/0x4c0 [ 1321.859771][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1321.859812][ T1392] RIP: 0033:0x7f36c158eb69 [ 1321.859841][ T1392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1321.859881][ T1392] RSP: 002b:00007f36c23e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1321.859917][ T1392] RAX: ffffffffffffffda RBX: 00007f36c17b5fa0 RCX: 00007f36c158eb69 [ 1321.859951][ T1392] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1321.859976][ T1392] RBP: 00007f36c1611df1 R08: 0000000000000000 R09: 0000000000000000 [ 1321.860000][ T1392] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1321.860025][ T1392] R13: 0000000000000000 R14: 00007f36c17b5fa0 R15: 00007ffd6c00e3d8 [ 1321.860063][ T1392] [ 1321.860077][ T1392] [ 1321.884548][ T1399] fido_id[1399]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory [ 1321.887538][ T1392] Allocated by task 31875: [ 1322.379698][ T1392] kasan_save_stack+0x33/0x60 [ 1322.384412][ T1392] kasan_save_track+0x14/0x30 [ 1322.389114][ T1392] __kasan_slab_alloc+0x89/0x90 [ 1322.393993][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1322.399479][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1322.404269][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1322.409230][ T1392] gfs2_dir_search+0x22a/0x2e0 [ 1322.414010][ T1392] gfs2_lookupi+0x4b7/0x6e0 [ 1322.418533][ T1392] init_inodes+0x869/0x2eb0 [ 1322.423057][ T1392] gfs2_fill_super+0x1be2/0x2d30 [ 1322.428021][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1322.433158][ T1392] gfs2_get_tree+0x4e/0x280 [ 1322.437681][ T1392] vfs_get_tree+0x8e/0x340 [ 1322.442118][ T1392] path_mount+0x1482/0x1fd0 [ 1322.446647][ T1392] __x64_sys_mount+0x28d/0x310 [ 1322.451420][ T1392] 
do_syscall_64+0xcd/0x4c0 [ 1322.455946][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1322.461929][ T1392] [ 1322.464243][ T1392] Freed by task 23: [ 1322.468135][ T1392] kasan_save_stack+0x33/0x60 [ 1322.472838][ T1392] kasan_save_track+0x14/0x30 [ 1322.477533][ T1392] kasan_save_free_info+0x3b/0x60 [ 1322.482569][ T1392] __kasan_slab_free+0x51/0x70 [ 1322.487398][ T1392] kmem_cache_free+0x2d1/0x4d0 [ 1322.492186][ T1392] gfs2_glock_dealloc+0xd0/0x150 [ 1322.497137][ T1392] rcu_core+0x79c/0x1530 [ 1322.501392][ T1392] handle_softirqs+0x219/0x8e0 [ 1322.506172][ T1392] run_ksoftirqd+0x3a/0x60 [ 1322.510601][ T1392] smpboot_thread_fn+0x3f7/0xae0 [ 1322.515559][ T1392] kthread+0x3c5/0x780 [ 1322.519629][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1322.524218][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1322.528994][ T1392] [ 1322.531353][ T1392] Last potentially related work creation: [ 1322.537055][ T1392] kasan_save_stack+0x33/0x60 [ 1322.541752][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1322.546964][ T1392] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1322.552869][ T1392] gfs2_glock_free+0x35/0x90 [ 1322.557483][ T1392] glock_work_func+0x396/0x4d0 [ 1322.562250][ T1392] process_one_work+0x9cf/0x1b70 [ 1322.567201][ T1392] worker_thread+0x6c8/0xf10 [ 1322.571799][ T1392] kthread+0x3c5/0x780 [ 1322.575872][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1322.580466][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1322.585244][ T1392] [ 1322.587556][ T1392] Second to last potentially related work creation: [ 1322.594128][ T1392] kasan_save_stack+0x33/0x60 [ 1322.598832][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1322.604042][ T1392] insert_work+0x36/0x230 [ 1322.608379][ T1392] __queue_work+0x97e/0x1160 [ 1322.612973][ T1392] __queue_delayed_work+0x35b/0x460 [ 1322.618181][ T1392] queue_delayed_work_on+0x1b5/0x200 [ 1322.623475][ T1392] gfs2_glock_queue_work+0x75/0x120 [ 1322.628699][ T1392] clear_glock+0xa7/0xe0 [ 1322.632965][ T1392] glock_hash_walk+0x12c/0x1c0 [ 1322.637747][ T1392] 
gfs2_gl_hash_clear+0x103/0x780 [ 1322.642798][ T1392] gfs2_fill_super+0x2524/0x2d30 [ 1322.647757][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1322.652891][ T1392] gfs2_get_tree+0x4e/0x280 [ 1322.657406][ T1392] vfs_get_tree+0x8e/0x340 [ 1322.661834][ T1392] path_mount+0x1482/0x1fd0 [ 1322.666353][ T1392] __x64_sys_mount+0x28d/0x310 [ 1322.671124][ T1392] do_syscall_64+0xcd/0x4c0 [ 1322.675663][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1322.681561][ T1392] [ 1322.683871][ T1392] The buggy address belongs to the object at ffff8880788d0fd8 [ 1322.683871][ T1392] which belongs to the cache gfs2_glock(aspace) of size 1224 [ 1322.698620][ T1392] The buggy address is located 992 bytes inside of [ 1322.698620][ T1392] freed 1224-byte region [ffff8880788d0fd8, ffff8880788d14a0) [ 1322.712545][ T1392] [ 1322.714868][ T1392] The buggy address belongs to the physical page: [ 1322.721282][ T1392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880788d0548 pfn:0x788d0 [ 1322.731358][ T1392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1322.739889][ T1392] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1322.747443][ T1392] page_type: f5(slab) [ 1322.751436][ T1392] raw: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1322.760030][ T1392] raw: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1322.768629][ T1392] head: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1322.777307][ T1392] head: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1322.785984][ T1392] head: 00fff00000000002 ffffea0001e23401 00000000ffffffff 00000000ffffffff [ 1322.794661][ T1392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1322.803327][ T1392] page dumped because: kasan: bad access detected [ 1322.809729][ T1392] page_owner tracks the page as allocated [ 1322.815437][ T1392] page last allocated via order 2, migratetype 
Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31875, tgid 31874 (syz.6.10882), ts 1229886871877, free_ts 1229839928771 [ 1322.836485][ T1392] post_alloc_hook+0x1c0/0x230 [ 1322.841282][ T1392] get_page_from_freelist+0x132b/0x38e0 [ 1322.846854][ T1392] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1322.852778][ T1392] alloc_pages_mpol+0x1fb/0x550 [ 1322.857660][ T1392] new_slab+0x247/0x330 [ 1322.861826][ T1392] ___slab_alloc+0xd1e/0x1780 [ 1322.866515][ T1392] __slab_alloc.constprop.0+0x56/0xb0 [ 1322.871903][ T1392] kmem_cache_alloc_noprof+0xef/0x3b0 [ 1322.877294][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1322.882081][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1322.887035][ T1392] gfs2_lookup_root+0x57/0x130 [ 1322.891810][ T1392] init_sb+0xae5/0x10d0 [ 1322.895975][ T1392] gfs2_fill_super+0x1967/0x2d30 [ 1322.900929][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1322.906062][ T1392] gfs2_get_tree+0x4e/0x280 [ 1322.910576][ T1392] vfs_get_tree+0x8e/0x340 [ 1322.915008][ T1392] page last free pid 5206 tgid 5206 stack trace: [ 1322.921324][ T1392] __free_frozen_pages+0x7d5/0x10f0 [ 1322.926538][ T1392] qlist_free_all+0x4d/0x120 [ 1322.931146][ T1392] kasan_quarantine_reduce+0x195/0x1e0 [ 1322.936625][ T1392] __kasan_slab_alloc+0x69/0x90 [ 1322.941497][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1322.946974][ T1392] flock_lock_inode+0xbe8/0x1030 [ 1322.951934][ T1392] locks_lock_inode_wait+0x1da/0x490 [ 1322.957245][ T1392] __do_sys_flock+0x446/0x520 [ 1322.961941][ T1392] do_syscall_64+0xcd/0x4c0 [ 1322.966470][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1322.972366][ T1392] [ 1322.974679][ T1392] Memory state around the buggy address: [ 1322.980299][ T1392] ffff8880788d1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1322.988363][ T1392] ffff8880788d1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1322.996419][ T1392] >ffff8880788d1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1323.004475][ 
T1392] ^ [ 1323.010355][ T1392] ffff8880788d1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1323.018410][ T1392] ffff8880788d1480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 1323.026465][ T1392] ================================================================== [ 1323.035682][ T1392] ================================================================== [ 1323.043745][ T1392] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x11d/0x2b0 [ 1323.051562][ T1392] Write of size 4 at addr ffff8880788d13b0 by task syz.6.11608/1392 [ 1323.059562][ T1392] [ 1323.061885][ T1392] CPU: 0 UID: 0 PID: 1392 Comm: syz.6.11608 Tainted: G B 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1323.061940][ T1392] Tainted: [B]=BAD_PAGE [ 1323.061953][ T1392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1323.061975][ T1392] Call Trace: [ 1323.061987][ T1392] [ 1323.062001][ T1392] dump_stack_lvl+0x116/0x1f0 [ 1323.062059][ T1392] print_report+0xcd/0x630 [ 1323.062115][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.062160][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.062204][ T1392] ? __phys_addr+0xe8/0x180 [ 1323.062256][ T1392] ? do_raw_spin_lock+0x11d/0x2b0 [ 1323.062295][ T1392] kasan_report+0xe0/0x110 [ 1323.062355][ T1392] ? do_raw_spin_lock+0x11d/0x2b0 [ 1323.062408][ T1392] kasan_check_range+0x100/0x1b0 [ 1323.062454][ T1392] do_raw_spin_lock+0x11d/0x2b0 [ 1323.062490][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.062534][ T1392] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1323.062570][ T1392] ? add_taint+0x5f/0xd0 [ 1323.062624][ T1392] ? const_folio_flags+0x5b/0x100 [ 1323.062686][ T1392] __buffer_migrate_folio+0x40b/0x6d0 [ 1323.062728][ T1392] ? __pfx_buffer_migrate_folio_norefs+0x10/0x10 [ 1323.062766][ T1392] move_to_new_folio+0x19f/0x400 [ 1323.062804][ T1392] migrate_pages_batch+0x1fab/0x3bd0 [ 1323.062845][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1323.062894][ T1392] ? 
__pfx_migrate_pages_batch+0x10/0x10 [ 1323.062942][ T1392] migrate_pages_sync+0x12d/0x8a0 [ 1323.062981][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1323.063020][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1323.063060][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.063104][ T1392] ? __lock_acquire+0x622/0x1c90 [ 1323.063160][ T1392] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1323.063197][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.063247][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.063294][ T1392] migrate_pages+0x1b67/0x23b0 [ 1323.063334][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1323.063373][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1323.063419][ T1392] ? __pfx_migrate_pages+0x10/0x10 [ 1323.063468][ T1392] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1323.063513][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.063556][ T1392] ? pfn_to_online_page+0x1de/0x560 [ 1323.063608][ T1392] compact_zone+0x2018/0x4760 [ 1323.063655][ T1392] ? __free_object+0x270/0x400 [ 1323.063699][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.063749][ T1392] ? __pfx_debug_object_free+0x10/0x10 [ 1323.063799][ T1392] ? __pfx_compact_zone+0x10/0x10 [ 1323.063840][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.063885][ T1392] ? __flush_work+0x4d0/0xcc0 [ 1323.063929][ T1392] compact_node+0x1a4/0x2d0 [ 1323.063971][ T1392] ? __pfx_compact_node+0x10/0x10 [ 1323.064034][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.064077][ T1392] ? __lru_add_drain_all+0xe7/0x6f0 [ 1323.064134][ T1392] sysctl_compaction_handler+0x141/0x210 [ 1323.064181][ T1392] proc_sys_call_handler+0x440/0x570 [ 1323.064229][ T1392] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1323.064274][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.064317][ T1392] ? splice_from_pipe_next+0x1f8/0x5d0 [ 1323.064377][ T1392] iter_file_splice_write+0x91f/0x1150 [ 1323.064450][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.064495][ T1392] ? 
__pfx_iter_file_splice_write+0x10/0x10 [ 1323.064555][ T1392] ? __pfx_copy_splice_read+0x10/0x10 [ 1323.064616][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.064661][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1323.064718][ T1392] direct_splice_actor+0x192/0x6c0 [ 1323.064774][ T1392] splice_direct_to_actor+0x345/0xa30 [ 1323.064829][ T1392] ? __pfx_direct_splice_actor+0x10/0x10 [ 1323.064887][ T1392] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1323.064943][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.064990][ T1392] do_splice_direct+0x174/0x240 [ 1323.065042][ T1392] ? __pfx_do_splice_direct+0x10/0x10 [ 1323.065096][ T1392] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1323.065151][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1323.065194][ T1392] ? rw_verify_area+0xcf/0x6c0 [ 1323.065242][ T1392] do_sendfile+0xb06/0xe50 [ 1323.065294][ T1392] ? __pfx_do_sendfile+0x10/0x10 [ 1323.065350][ T1392] __x64_sys_sendfile64+0x154/0x220 [ 1323.065387][ T1392] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1323.065430][ T1392] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1323.065478][ T1392] do_syscall_64+0xcd/0x4c0 [ 1323.065535][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1323.065570][ T1392] RIP: 0033:0x7f36c158eb69 [ 1323.065597][ T1392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1323.065633][ T1392] RSP: 002b:00007f36c23e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1323.065666][ T1392] RAX: ffffffffffffffda RBX: 00007f36c17b5fa0 RCX: 00007f36c158eb69 [ 1323.065691][ T1392] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1323.065714][ T1392] RBP: 00007f36c1611df1 R08: 0000000000000000 R09: 0000000000000000 [ 1323.065736][ T1392] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1323.065759][ T1392] R13: 0000000000000000 R14: 00007f36c17b5fa0 R15: 00007ffd6c00e3d8 [ 1323.065794][ T1392] [ 1323.065806][ T1392] [ 1323.565681][ T1392] Allocated by task 31875: [ 1323.570088][ T1392] kasan_save_stack+0x33/0x60 [ 1323.574793][ T1392] kasan_save_track+0x14/0x30 [ 1323.579491][ T1392] __kasan_slab_alloc+0x89/0x90 [ 1323.584362][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1323.589847][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1323.594642][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1323.599597][ T1392] gfs2_dir_search+0x22a/0x2e0 [ 1323.604376][ T1392] gfs2_lookupi+0x4b7/0x6e0 [ 1323.608901][ T1392] init_inodes+0x869/0x2eb0 [ 1323.613420][ T1392] gfs2_fill_super+0x1be2/0x2d30 [ 1323.618373][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1323.623512][ T1392] gfs2_get_tree+0x4e/0x280 [ 1323.628025][ T1392] vfs_get_tree+0x8e/0x340 [ 1323.632451][ T1392] path_mount+0x1482/0x1fd0 [ 1323.636956][ T1392] __x64_sys_mount+0x28d/0x310 [ 1323.641723][ T1392] do_syscall_64+0xcd/0x4c0 [ 1323.646249][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1323.652154][ T1392] [ 1323.654466][ T1392] Freed by task 23: [ 
1323.658259][ T1392] kasan_save_stack+0x33/0x60 [ 1323.662956][ T1392] kasan_save_track+0x14/0x30 [ 1323.667652][ T1392] kasan_save_free_info+0x3b/0x60 [ 1323.672688][ T1392] __kasan_slab_free+0x51/0x70 [ 1323.677475][ T1392] kmem_cache_free+0x2d1/0x4d0 [ 1323.682261][ T1392] gfs2_glock_dealloc+0xd0/0x150 [ 1323.687223][ T1392] rcu_core+0x79c/0x1530 [ 1323.691470][ T1392] handle_softirqs+0x219/0x8e0 [ 1323.696242][ T1392] run_ksoftirqd+0x3a/0x60 [ 1323.700666][ T1392] smpboot_thread_fn+0x3f7/0xae0 [ 1323.705619][ T1392] kthread+0x3c5/0x780 [ 1323.709685][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1323.714273][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1323.719048][ T1392] [ 1323.721358][ T1392] Last potentially related work creation: [ 1323.727059][ T1392] kasan_save_stack+0x33/0x60 [ 1323.731754][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1323.736958][ T1392] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1323.742862][ T1392] gfs2_glock_free+0x35/0x90 [ 1323.747477][ T1392] glock_work_func+0x396/0x4d0 [ 1323.752245][ T1392] process_one_work+0x9cf/0x1b70 [ 1323.757188][ T1392] worker_thread+0x6c8/0xf10 [ 1323.761780][ T1392] kthread+0x3c5/0x780 [ 1323.765848][ T1392] ret_from_fork+0x5d7/0x6f0 [ 1323.770438][ T1392] ret_from_fork_asm+0x1a/0x30 [ 1323.775217][ T1392] [ 1323.777530][ T1392] Second to last potentially related work creation: [ 1323.784100][ T1392] kasan_save_stack+0x33/0x60 [ 1323.788801][ T1392] kasan_record_aux_stack+0xa7/0xc0 [ 1323.794013][ T1392] insert_work+0x36/0x230 [ 1323.798346][ T1392] __queue_work+0x97e/0x1160 [ 1323.802947][ T1392] __queue_delayed_work+0x35b/0x460 [ 1323.808156][ T1392] queue_delayed_work_on+0x1b5/0x200 [ 1323.813451][ T1392] gfs2_glock_queue_work+0x75/0x120 [ 1323.818680][ T1392] clear_glock+0xa7/0xe0 [ 1323.822954][ T1392] glock_hash_walk+0x12c/0x1c0 [ 1323.827734][ T1392] gfs2_gl_hash_clear+0x103/0x780 [ 1323.832783][ T1392] gfs2_fill_super+0x2524/0x2d30 [ 1323.837736][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1323.842871][ T1392] 
gfs2_get_tree+0x4e/0x280 [ 1323.847388][ T1392] vfs_get_tree+0x8e/0x340 [ 1323.851818][ T1392] path_mount+0x1482/0x1fd0 [ 1323.856326][ T1392] __x64_sys_mount+0x28d/0x310 [ 1323.861096][ T1392] do_syscall_64+0xcd/0x4c0 [ 1323.865625][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1323.871528][ T1392] [ 1323.873844][ T1392] The buggy address belongs to the object at ffff8880788d0fd8 [ 1323.873844][ T1392] which belongs to the cache gfs2_glock(aspace) of size 1224 [ 1323.888595][ T1392] The buggy address is located 984 bytes inside of [ 1323.888595][ T1392] freed 1224-byte region [ffff8880788d0fd8, ffff8880788d14a0) [ 1323.902484][ T1392] [ 1323.904799][ T1392] The buggy address belongs to the physical page: [ 1323.911198][ T1392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880788d0548 pfn:0x788d0 [ 1323.921263][ T1392] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1323.929767][ T1392] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1323.937316][ T1392] page_type: f5(slab) [ 1323.941304][ T1392] raw: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1323.949894][ T1392] raw: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1323.958484][ T1392] head: 00fff00000000040 ffff888146ef3b40 dead000000000122 0000000000000000 [ 1323.967159][ T1392] head: ffff8880788d0548 00000000800c0007 00000000f5000000 0000000000000000 [ 1323.975835][ T1392] head: 00fff00000000002 ffffea0001e23401 00000000ffffffff 00000000ffffffff [ 1323.984512][ T1392] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1323.993176][ T1392] page dumped because: kasan: bad access detected [ 1323.999579][ T1392] page_owner tracks the page as allocated [ 1324.005278][ T1392] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31875, tgid 31874 (syz.6.10882), ts 1229886871877, free_ts 
1229839928771 [ 1324.026489][ T1392] post_alloc_hook+0x1c0/0x230 [ 1324.031278][ T1392] get_page_from_freelist+0x132b/0x38e0 [ 1324.036849][ T1392] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1324.042767][ T1392] alloc_pages_mpol+0x1fb/0x550 [ 1324.047644][ T1392] new_slab+0x247/0x330 [ 1324.051808][ T1392] ___slab_alloc+0xd1e/0x1780 [ 1324.056495][ T1392] __slab_alloc.constprop.0+0x56/0xb0 [ 1324.061881][ T1392] kmem_cache_alloc_noprof+0xef/0x3b0 [ 1324.067274][ T1392] gfs2_glock_get+0x1e5/0x1230 [ 1324.072062][ T1392] gfs2_inode_lookup+0x277/0x8a0 [ 1324.077019][ T1392] gfs2_lookup_root+0x57/0x130 [ 1324.081794][ T1392] init_sb+0xae5/0x10d0 [ 1324.085960][ T1392] gfs2_fill_super+0x1967/0x2d30 [ 1324.090918][ T1392] get_tree_bdev_flags+0x38c/0x620 [ 1324.096052][ T1392] gfs2_get_tree+0x4e/0x280 [ 1324.100570][ T1392] vfs_get_tree+0x8e/0x340 [ 1324.105002][ T1392] page last free pid 5206 tgid 5206 stack trace: [ 1324.111322][ T1392] __free_frozen_pages+0x7d5/0x10f0 [ 1324.116533][ T1392] qlist_free_all+0x4d/0x120 [ 1324.121144][ T1392] kasan_quarantine_reduce+0x195/0x1e0 [ 1324.126627][ T1392] __kasan_slab_alloc+0x69/0x90 [ 1324.131502][ T1392] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1324.137005][ T1392] flock_lock_inode+0xbe8/0x1030 [ 1324.141964][ T1392] locks_lock_inode_wait+0x1da/0x490 [ 1324.147273][ T1392] __do_sys_flock+0x446/0x520 [ 1324.151972][ T1392] do_syscall_64+0xcd/0x4c0 [ 1324.156514][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.162417][ T1392] [ 1324.164726][ T1392] Memory state around the buggy address: [ 1324.170345][ T1392] ffff8880788d1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1324.178403][ T1392] ffff8880788d1300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1324.186465][ T1392] >ffff8880788d1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1324.194518][ T1392] ^ [ 1324.200139][ T1392] ffff8880788d1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1324.208196][ T1392] ffff8880788d1480: fb fb fb fb fc fc fc 
fc fc fc fc fc fc fc fc fc [ 1324.216250][ T1392] ================================================================== [ 1324.225180][ T1392] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 1324.232916][ T1392] CPU: 0 UID: 0 PID: 1392 Comm: syz.6.11608 Tainted: G B 6.16.0-syzkaller-10355-gf2d282e1dfb3 #0 PREEMPT(full) [ 1324.246226][ T1392] Tainted: [B]=BAD_PAGE [ 1324.250373][ T1392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1324.260437][ T1392] Call Trace: [ 1324.263711][ T1392] [ 1324.266638][ T1392] dump_stack_lvl+0x3d/0x1f0 [ 1324.271256][ T1392] vpanic+0x6a3/0x780 [ 1324.275269][ T1392] ? __pfx_vpanic+0x10/0x10 [ 1324.279804][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.285457][ T1392] ? rcu_is_watching+0x12/0xc0 [ 1324.290243][ T1392] ? do_raw_spin_lock+0x11d/0x2b0 [ 1324.295277][ T1392] panic+0xca/0xd0 [ 1324.299024][ T1392] ? __pfx_panic+0x10/0x10 [ 1324.303469][ T1392] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 1324.309461][ T1392] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1324.315294][ T1392] ? _raw_spin_unlock_irqrestore+0x31/0x80 [ 1324.321126][ T1392] end_report+0x159/0x170 [ 1324.325481][ T1392] kasan_report+0xee/0x110 [ 1324.329925][ T1392] ? do_raw_spin_lock+0x11d/0x2b0 [ 1324.334965][ T1392] kasan_check_range+0x100/0x1b0 [ 1324.339914][ T1392] do_raw_spin_lock+0x11d/0x2b0 [ 1324.344801][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.350449][ T1392] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1324.355834][ T1392] ? add_taint+0x5f/0xd0 [ 1324.360100][ T1392] ? const_folio_flags+0x5b/0x100 [ 1324.365159][ T1392] __buffer_migrate_folio+0x40b/0x6d0 [ 1324.370543][ T1392] ? __pfx_buffer_migrate_folio_norefs+0x10/0x10 [ 1324.376884][ T1392] move_to_new_folio+0x19f/0x400 [ 1324.381831][ T1392] migrate_pages_batch+0x1fab/0x3bd0 [ 1324.387132][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1324.392440][ T1392] ? 
__pfx_migrate_pages_batch+0x10/0x10 [ 1324.398116][ T1392] migrate_pages_sync+0x12d/0x8a0 [ 1324.403151][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1324.408538][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1324.413834][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.419485][ T1392] ? __lock_acquire+0x622/0x1c90 [ 1324.424465][ T1392] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1324.430023][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.435680][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.441335][ T1392] migrate_pages+0x1b67/0x23b0 [ 1324.446112][ T1392] ? __pfx_compaction_alloc+0x10/0x10 [ 1324.451500][ T1392] ? __pfx_compaction_free+0x10/0x10 [ 1324.456813][ T1392] ? __pfx_migrate_pages+0x10/0x10 [ 1324.461945][ T1392] ? __pfx_isolate_migratepages_block+0x10/0x10 [ 1324.468216][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.473869][ T1392] ? pfn_to_online_page+0x1de/0x560 [ 1324.479097][ T1392] compact_zone+0x2018/0x4760 [ 1324.483803][ T1392] ? __free_object+0x270/0x400 [ 1324.488585][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.494240][ T1392] ? __pfx_debug_object_free+0x10/0x10 [ 1324.499726][ T1392] ? __pfx_compact_zone+0x10/0x10 [ 1324.504765][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.510424][ T1392] ? __flush_work+0x4d0/0xcc0 [ 1324.515117][ T1392] compact_node+0x1a4/0x2d0 [ 1324.519636][ T1392] ? __pfx_compact_node+0x10/0x10 [ 1324.524698][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.530345][ T1392] ? __lru_add_drain_all+0xe7/0x6f0 [ 1324.535576][ T1392] sysctl_compaction_handler+0x141/0x210 [ 1324.541232][ T1392] proc_sys_call_handler+0x440/0x570 [ 1324.546623][ T1392] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 1324.552448][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.558095][ T1392] ? splice_from_pipe_next+0x1f8/0x5d0 [ 1324.563585][ T1392] iter_file_splice_write+0x91f/0x1150 [ 1324.569084][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.574731][ T1392] ? 
__pfx_iter_file_splice_write+0x10/0x10 [ 1324.580656][ T1392] ? __pfx_copy_splice_read+0x10/0x10 [ 1324.586065][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.591719][ T1392] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1324.597645][ T1392] direct_splice_actor+0x192/0x6c0 [ 1324.602789][ T1392] splice_direct_to_actor+0x345/0xa30 [ 1324.608187][ T1392] ? __pfx_direct_splice_actor+0x10/0x10 [ 1324.613848][ T1392] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1324.619766][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.625424][ T1392] do_splice_direct+0x174/0x240 [ 1324.630310][ T1392] ? __pfx_do_splice_direct+0x10/0x10 [ 1324.635709][ T1392] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1324.641802][ T1392] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1324.647471][ T1392] ? rw_verify_area+0xcf/0x6c0 [ 1324.652261][ T1392] do_sendfile+0xb06/0xe50 [ 1324.656702][ T1392] ? __pfx_do_sendfile+0x10/0x10 [ 1324.661667][ T1392] __x64_sys_sendfile64+0x154/0x220 [ 1324.666874][ T1392] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1324.672603][ T1392] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 1324.678259][ T1392] do_syscall_64+0xcd/0x4c0 [ 1324.682790][ T1392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.688691][ T1392] RIP: 0033:0x7f36c158eb69 [ 1324.693107][ T1392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1324.712735][ T1392] RSP: 002b:00007f36c23e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1324.721175][ T1392] RAX: ffffffffffffffda RBX: 00007f36c17b5fa0 RCX: 00007f36c158eb69 [ 1324.729155][ T1392] RDX: 00002000000000c0 RSI: 0000000000000003 RDI: 0000000000000004 [ 1324.737133][ T1392] RBP: 00007f36c1611df1 R08: 0000000000000000 R09: 0000000000000000 [ 1324.745105][ T1392] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1324.753079][ T1392] R13: 0000000000000000 R14: 00007f36c17b5fa0 R15: 00007ffd6c00e3d8 [ 1324.761096][ T1392] [ 1324.764357][ T1392] Kernel Offset: disabled [ 1324.768680][ T1392] Rebooting in 86400 seconds..