last executing test programs:

5.680193344s ago: executing program 1 (id=969):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x30}}, 0x0)

5.421229758s ago: executing program 1 (id=973):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0x3c}}, 0x0)

5.125002804s ago: executing program 0 (id=977):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x80e, &(0x7f00000000c0)={[{@quota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@stripe={'stripe', 0x3d, 0x4}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}]}, 0x3, 0x45c, &(0x7f00000009c0)="$eJzs289rHFUcAPDvzCbpbxNrW+0PNVrF4I+kSasW9KCi4EFB0EM9xiQttdtGmgi2FK0i9SgF7+JR8C/wpBdRT4JXvUuhSC+tnlZmd6bZbHaTbLLppu7nA9O+N/OW974z83bfm5cJoGcNZ/8kETsj4o+IGKxlFxcYrv1368alqX9uXJpKolJ5+++kWu7mjUtTRdHiczvyzEgakX6exMEm9c5duHhmslyeOZ/nx+bPfjA2d+HiM6fPTp6aOTVzbuL48WNHx59/buLZjsSZtenmgY9nD+1//d2rb06duPreL98lRfwNcazH1oXk8HLlHq9UOlHdprGrLp30rVw+P097d21Yi1iNUkRkl6u/2v8HoxQLF28wXvusq40DNlSlUqnsaH34cgX4H0ui2y0AuqP4oc/mv8V2h4Yem8L1l2sToCzuW/lWO9IXaV6mv2F+20nDEXHi8r9fZ1t08DkEAEArP2Tjn6ebjf/S2FdX7p58bWgoIu6NiN0RcV9E7ImIvRHVsvdHxANt1t+4SLJ0/JNeW1Ngq5SN/17M17YWj/+K0V8MlfLcrmr8/cnJ0+WZI/k5GYn+LVl+fJk6fnz19y9bHasf/2VbVn8xFszbca1vy+LPTE/OT64n5nrXP4040Ncs/uT2SkASEfsj4sAa6zj95LeHWh1bOf5lrGKdaSWVbyKeqF3/y9EQfyFZfn1ybGuUZ46MFXfFUr/+duWtVvWvK/4OyK7/9qb3/+34h5L69dq59uu48ucXLec0bd//+2r3/0DyTjU7kO/+aHJ+/vx4xEDyRq3R9fsnFj5e5IvyWfwjh5v3/92xcCYORkR2Ez8YEQ9FxMN52x+JiEcj4vAy8f/8ymPvrz3+jZXFP93W9V9IDETjnuaJ0pmfvl9U6VA78WfX/1g1NZLvWc33X/PmvBSNe9Z7/gAAAOBukEbEzkjS0dvpNB0drf29/J7YnpZn5+afOjn74bnp2jsCQ9GfFk+6Buueh47n0/oiP9GQP5o/N/6qtK2aH52aLU93O3jocTta9P/MX6Vutw7YcB1YRwPuUkv7/7autAO48/z+Q+/S/6F3Nen/JgDQI5r9/n/ShXYAd15D/7fsBz3E/B96l/4PvUv/h540t23JK/GLEy8MRKz0gr9Em4md+dnfLO1ZSyLSTdEMiQ1KdPmLCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEP+CwAA//8dy+GE")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)

5.070207343s ago: executing program 1 (id=978):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef", 0x11)

4.744847981s ago: executing program 1 (id=982):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x6, 0x10, &(0x7f0000000440)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call={0x85, 0x0, 0x0, 0x2a}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.485807059s ago: executing program 1 (id=984):
syz_mount_image$xfs(&(0x7f0000009600), &(0x7f0000009640)='./file0\x00', 0x840, &(0x7f00000000c0)={[{@lazytime}, {@uqnoenforce}, {@quota}, {@filestreams}, {@grpquota}, {@allocsize={'allocsize', 0x3d, [0x30, 0x39, 0x6d]}}, {@largeio}]}, 0x4, 0x968d, &(0x7f000001c300)="$eJzs3Am4pnMBuP/3DGOXMVRSaiqiRdYsUWYGMxSSJdqRJWUpqdCmRUoqItqzb9nKEsrWSrK3UEKoZIm02Ib5X2fmDGPcpF+//+VX931f1znv+z7v8zzn+34/z3KO5mrzSRtPHAzmGkxv3GDWzr1m8pQxV21w+5FbLXjMcqfcvf8jV1x8/MjjhJHHiYPBYNTI20PTl40dnHraqMHs05Y/3LxzzzM0/2Cw/MjLkf0MVp7+MP/lM9abOkuzDnTo4W/7TP+a1gLDP2L4yWH773X4YDAYM9P2Q4PB0J6P+qDSNp8wedLDVg+5DVuNHnk+89cc07/mv2gwmP+MAR8fM6879CR8pOGfueeLzhm9wZPws//r2nzC5HVn8R8+F2cbWbby8Dk+6zlobNbj/NYltlh1ZAqnHW+DwfAl7hHnyn9Fm0+YtN7gsa/zgyNXu2CfqdOvm3MOpt8o5h4MBvOMXF/ne7Jd6j9rwsQVpt2zZ7weYZ9xLO9Jx8XxbznpweGb9GAwWGgwGLvOjHtBVVVV/Xc0YeIKa8L9f67Hu/+ffPKiZ3T/r6qq+u9t3QkTVxi+189y/5/v8e7/uyx64cem/7f/8StP3+rBJ/dDVFVV1b/VpHXx/j/m8e7/K6956Xrd/6uqqv5722j9aff/+Wa5/y/8ePf/N5602mIj6834veGBmXY5NNP/nnD/TMtnm2n5fTMtHz3TfmZef46Zlt8z0/I5h9+D9ccNBmNn/HvBKQ8vHjtu+L2R5ffOtHz8w/9OZ/G1Zlo+Yablk2ZaPnFkrMPLJ8+0fPJM66/zOFNdVVX1/0wbrTBpzcFM/85+ZPEiM96n+//5Z1679JM13qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqvrv7MHbzzpnMBgMDQaDUYPBlMHI85kfB1OnTp06/Prk8y677Ekb6P8bDZ17zeQpY67a4PYjt1rwmOVOuXv/h2fpv7b//k9Q/0nD/nMdN24w2GnTJ3so9STU+e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7iHrz9rHNGjoFRg8GUwcjzPWc8nrnfG940suqqm51y50EPb7n4+O1Hnp17zeQp2z8JY38SGhr+rGOu2uD2I7da8JjlTrl7//+Bs+e//xPUf9I0/+2HBoOR83vM8Lm8wYSNNllqMBgcdOcpm600eOi9VYbfW23sbIPZpm261LTvay/OO95znemP44e/LfzQPk6etv91px4629Asg5ipV5x7w5Fv3/zuFWd9XPKxP8eoGU8Ov+70u6ZOnTr1EQtHmusxNp6x/xmfZdbzfGTsSw2PfZldd3zXMu/ZfY+lt99xy+222W6bnZZbYZUVV1p+uZVWfdky226/wzbLTv/+GHM2btr3NZ/InM0365zdPmHmOZv1sz3WnI17/DmbtscpewxtMmPOZv8352zNx5+zcduP/KDFx48ebDFtaoYGg8XXGj3YbfjFcnMOBouvPbLuIsPrrj521GCw38MfdPjZnA8dg0N7Dq+z+aSNJz48skd/wkddpx+x4uLjRx4njDxOnD7EcYOHD8Wxg1NPGzU8F4+Y5nnnnmdo/sFg+ZGXI/sZrDry7iEz1ps6S7MOdOjhb/tM/5rWAsM7GX7yjmXPunr4XJxl+/8/+j+6/j/Ka5WhhyZqaORrZJ3pXhMmr/vwz5o2DcNzN9vIspWHTWads/+bPWq842YfjHmc8U5ad+IKw4tnmf8Zm+DxdccSF3xg+rE1fuXpWz34f4xC453vcca77gQc73yPN97jPnjJadN39X9tvLNc69ab9n38E7nWDR7/Wjcb7WCbixeb9Vr36sce4iPO4xlzNOcsKz3WtW63g5ffc3j/4x//Wrfe8NhHP+JaN2owWHzNGde64QvfpNGD/YZfLD/8YvLowTHDL1aY9mLuwXnDL176tp132Hp4wToz5mTZ4f2OHzs0zf2ClW9ZcuoBU6euNTKW8WMfOdaR42PczPfzCWOnT+aMbWfsd3jVGfu9+enT35s0st8J/8Z+Z2xL471zgenvTR7Z78RZ9jv6cfY7Y9tHnQ9LDT104XqM682kWa43I3/jzPhxj/iaY/rX/BcNBvOfQb6zrPsvr5l0/s71OOOdMHGFNYfHN8v5+9DhSOfvJZOvGr5XzD8YDBYaDMauM2Ps/2ZDjzXe2R9/vBNhvLM/3nivOHbH9f8vjHcw03gfcZxtvtH0Y2WdkeNs8r9x/M7Ydtbr2Ohp706/7K/zRK5j4x51HfvobKNmmeyZeqzf2baG9ac/X+Th33OvOfHoGXM/epb9/qvf2Wb6LENwHRszy9/zo9a5fjBEc77ncatfOnTg48/56MEj/7aYMecztn28OZ/8ROb8WY8/50/09+Slnj/9/dGzjH/mOd9w32d+ZsaczzHLfv/VnE9+/HvHo+d8/GA0zfmy902ft8e7nj7WnM/YdsacD3/E1cbOPlh7+J41MueTnsicL/J/5zifB9af/nybhxadfeQpr5sx57PO8b+a80n/7pyPe+g4X3zae88bNZhjjsFuW+666y7LTf8+4+Xy07/zteiea6bP8+PdSx/LaMa2j3derPVEjMY8IaOhf2W06OyPZfTwqXXEzrs87f/0WrTWv2s04GvRVUdPn7fH+73oseZ8xrZ0H1x4pu1n/Tt0o/Wn/d493yz3wRmb4H3w7DPX23vGLkc2e2CWYc64r94/0/LZZlp+30zLR8+0n5nXn2Om5ffMtHz4I8wx0/ozWMcN/807snzKw6uPHf7ladzI8ntnWj7+4W0XX2um5RNmWj5ppuUTHz40Fp880/LJM62/zuDfbMZ/k95+1ot8PdH677/u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zFPXj7WeeMHAOjBoMpg+nPh0YeB3sObXjbGsOPg8Fg9MonTN3wyR7vk9zQuddMnjLmqg1uP3KrBY9Z7pS79/8fOHv++z9B/SdN899+aDAYOb/HbD8YDDaYsNEmSw0Ggw2nnrDyqMFD7y0y/N7qY0cNBvsNPWIHcz60ztCew+tsPmnjiYPBXCNrjHvUD33UefSIFRcfP/I4YeRx4vTr07jBw8fr2MGpp40azD5t+cPNO/c8Q/MPBsuPvBzZz2Dl6Q/zXz5jvamzNOtAhx7+ts/0r2ktMPwjhp/stt3kZw/P1Szb/z/TjGv19qP+5aqd/+7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93/55/R8v/Wom6y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u3/ff+7/X8ZRT06d/+7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8tf3IO3n3XOyDEwajCYMpj+fGjPkcfB0EmnvnDkEBm9+5VHHfpkj/dJbujcayZPGXPVBrcfudWCxyx3yt37/w+cPf/9n6D+k6b5bz80GIyc32O2HwwGG0zYaJOlBoPBoUddufuowUPvLTL83upjRw0G+w09YgdzPrTO0J7D62w+aeOJg8FcI2uMe9QPfdR59IgVFx8/8jhh5HHi9OvTuMHDx+vYwamnjRrMPm35w8079zxD8w8Gy4+8HNnPYOXpD/NfPmO9qbM060CHHv62z/SvaS0w/COGn+w13zUnDc/VLNv/P9OMa/X2o/7lqp3/7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3lL+7B2886Z+QYGDUYTBlMfz5q5HFoz5tu/PAmw4/DrxdcZ+9rnuzxPskNnXvN5Cljrtrg9iO3WvCY5U65e///gbPnv/8T1H/SsP9cx40bDHba9MkeSj0Jdf67y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/uAdvP+uckaejHl46as+OC2zo3GsmTxlz1Qa3H7nVgscsd8rd+z/ZA/pPewz/j+aPWfw/lj9m8f94/pjF/xP5Yxb/vfLHLP6fzB+z+O+dP2bx/1T+mMX/0/ljFv998scs/p/JH7P475s/ZvH/bP6Yxf9z+WMW/8/nj1n898sfs/jvnz9m8f9C/pjF/4D8MYv/gfljFv8v5o9Z/A/KH7P4H5w/ZvH/Uv6Yxf/L+WMW/6/kj1n8v5o/ZvH/Wv6Yxf/r+WMW/2/kj1n8v5k/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi/+38scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/2/ljFv/v5I9Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/7v5Yxb/M/LHLP5n5o9Z/M/KH7P4fy9/zOL//fwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bx/0H+mMX/h/ljFv8f5Y9Z/H+cP2bx/0n+mMX/p/ljFv8L8scs/hfmj1n8f5Y/ZvG/KH/M4v/z/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/xf5Yxb/X+aPWfx/lT9m8f91/pjF/6r8MYv/1fljFv/f5I9Z/H+bP2bxvyZ/zOL/u/wxi/+1+WMW/+vyxyz+1+ePWfx/nz9m8b8hf8zif2P+mMX/pvwxi/8f8scs/n/MH7P4/yl/zOJ/c/6Yxf/P+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bx/0v+mMX/jvwxi/+d+WMW/7/mj1n878ofs/j/LX/M4v/3/DGL/z/yxyz+/8wfs/jfnT9m8b8nf8zif2/+mMX/vvwxi//9+WMW/yn5Yxb/B/LHLP4P5o9Z/Kfmj0n8Zxvkj1n8h/LHLP6j8scs/rPlj1n8Z88fs/iPzh+z+M+RP2bxnzN/zOI/V/6YxX/u/DGL/zz5Yxb/efPHLP7z5Y9Z/OfPH7P4PyV/zOK/QP6YxX9M/pjFf8H8MYv/2Pwxi/9C+WMW/4Xzxyz+T80fs/g/LX/M4v/0/DGL/yL5Yxb/Z+SPWfwXzR+z+D8zf8zi/6z8MYv/YvljFv9n549Z/J+TP2bxH5c/ZvF/bv6Yxf95+T+q2UceDf7Pzx+znP+L549Z/JfIH7P4vyB/zOK/ZP6YxX+p/DGL/wvzxyz+L8ofs/i/OH/M4v+S/DGL/9L5Yxb/l+aPWfyXyR+z+C+bP2bxXy5/zOK/fP6YxX+F/DGL/4r5Yxb/l+WPWfxXyh+z+K+cP2bxXyV/zOK/av6Yxf/l+WMW/9Xyxyz+q+ePWfxfkT9m8X9l/pjFf438MYv/+Pwxi/+E/DGL/8T8MYv/mvljFv+18scs/mvnj1n8J+WPWfwnq/xne8JrWvzXUfk/8Sz+6+aPWfxflT9m8X91/pjFf738MYv/+vljFv8N8scs/q/JH7P4b5g/ZvF/bf6YxX+j/DGL/8b5Yxb/TfLHLP6b5o9Z/F+XP2bx3yx/zOK/ef6Yxf/1+WMW/zfkj1n835g/ZvF/U/6Yxf/N+WMW/7fkj1n835o/ZvHfIn/M4r9l/pjFf6v8MYv/2/LHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4v/2/DGL//b5Yxb/d+SPWfzfmT9m8d8hf8ziv2P+mMV/p/wxi//O+WMW/3flj1n8350/ZvHfJX/M4v+e/DGL/675Yxb/9+aPWfzflz9m8X9//pjFf7f8MYv/7vljFv898scs/h/IH7P4fzB/zOL/ofwxi/+H88cs/h/JH7P475k/ZvH/aP6Yxf9j+WMW/4/nj1n8P5E/ZvHfK3/M4v/J/DGL/975Yxb/T+WPWfw/nT9m8d8nf8zi/5n8MYv/vvljFv/P5o9Z/D+XP2bx/3z+mMV/v/wxi//++WMW/y/kj1n8D8gfs/gfmD9m8f9i/pjF/6D8MYv/wfljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/m/ljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+H8rf8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfy/nT9m8f9O/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8v5s/ZvE/I3/M4n9m/pjF/6z8MYv/9/LHLP7fzx+z+J+dP2bxPyf/aR042yNfW/zPzR+z+J+XP2bxPz9/zOL/g/wxi/8P88cs/j/KH7P4/zh/zOL/k/wxi/9P88cs/hfkj1n8L8wfs/j/LH/M4n9R/pjF/+f5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/L/LHLP6/zB+z+P8qf8zi/+v8MYv/VfljFv+r88cs/r/JH7P4/zZ/zOJ/Tf6Yxf93+WMW/2vzxyz+1+WPWfyvzx+z+P8+f8zif0P+mMX/xvwxi/9N+WMW/z/kj1n8/5g/ZvH/U/6Yxf/m/DGL/5/zxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOL/l/wxi/8d+WMW/zvzxyz+f80fs/jflT9m8f9b/pjF/+/5Yxb/f+SPWfz/mT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+U/LHLP4P5I9Z/B/MH7P4T80fk/jPPsgfs/gP5Y9Z/Eflj1n8Z8sfs/jPnj9m8R+dP2bxnyN/zOI/Z/6YxX+u/DGL/9z5Yxb/efLHLP7z5o9Z/OfLH7P4z58/ZvF/Sv6YxX+B/DGL/5j8MYv/gvljFv+x+WMW/4Xyxyz+C+ePWfyfmj9m8X9a/pjF/+n5Yxb/RfLHLP7PyB+z+C+aP2bxf2b+mMX/WfljFv/F8scs/s/OH7P4Pyd/zOI/Ln/M4v/c/DGL//Pyxyz+z88fs/gvnj9m8V8if8zi/4L8MYv/kvljFv+l8scs/i/MH7P4vyh/zOL/4vwxi/9L8scs/kvnj1n8X5o/ZvFfJn/M4r9s/pjFf7n8MYv/8vljFv8V8scs/ivmj1n8X5Y/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv+X549Z/FfLH7P4r54/ZvF/Rf6Yxf+V+WMW/zXyxyz+4/PHLP4T8scs/hPzxyz+a+aPWfzXyh+z+K+dP2bxn5Q/ZvGfnD9m8V8nf8ziv27+mMX/VfljFv9X549Z/NcT+q/xBNax+K8v9H8iWfw3yB+z+L8mf8ziv2H+mMX/tYPL8ocs/ht1/mMW/43zxyz+m+SPWfw3zR+z+L8uf8ziv1n+mMV/8/wxi//r88cs/m/IH7P4vzF/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOK/Rf6YxX/L/DGL/1b5Yxb/t+WPWfy3zh+z+G+TP2bx3zZ/zOK/Xf6Yxf/t+WMW/+3zxyz+78gfs/i/M3/M4r9D/pjFf8f8MYv/TvljFv+d88cs/u/KH7P4vzt/zOK/S/6Yxf89+WMW/13zxyz+780fs/i/L3/M4v/+/DGL/275Yxb/3fPHLP575I9Z/D+QP2bx/2D+mMX/Q/ljFv8P549Z/D+SP2bx3zN/zOL/0fwxi//H8scs/h/PH7P4fyJ/zOK/V/6Yxf+T+WMW/73zxyz+n8ofs/h/On/M4r9P/pjF/zP5Yxb/ffPHLP6fzR+z+H8uf8zi//n8MYv/fvljFv/988cs/l/IH7P4H5A/ZvE/MH/M4v/F/DGL/0H5Yxb/g/PHLP5fyh+z+H85f8zi/5X8MYv/V/PHLP5fyx+z+H89f8zi/438MYv/N/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8f9W/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/h/O3/M4v+d/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4fzd/zOJ/Rv6Yxf/M/DGL/1n5Yxb/7+WPWfy/nz9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+P8gfs/j/MH/M4v+j/DGL/4/zxyz+P8kfs/j/NH/M4n9B/pjF/8L8MYv/z/LHLP4X5Y9Z/H+eP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4/yJ/zOL/y/wxi/+v8scs/r/OH7P4X5U/ZvG/On/M4v+b/DGL/2/zxyz+1+SPWfx/lz9m8b82f8zif13+mMX/+vwxi//v88cs/jfkj1n8b8wfs/jflD9m8f9D/pjF/4/5Yxb/P+WPWfxvzh+z+P85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+f8kfs/jfkT9m8b8zf8zi/9f8MYv/XfljFv+/5Y9Z/P+eP2bx/0f+mMX/n/ljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8ziPyV/zOL/QP6Yxf/B/DGL/9T8MYn/6EH+mMV/KH/M4j8qf8ziP1v+mMV/9vwxi//o/DGL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/U/LHLP4L5I9Z/Mfkj1n8F8wfs/iPzR+z+C+UP2bxXzh/zOL/1Pwxi//T8scs/k/PH7P4L5I/ZvF/Rv6YxX/R/DGL/zPzxyz+z8ofs/gvlj9m8X92/pjF/zn5Yxb/cfljFv/n5o9Z/J+XP2bxf37+mMV/8fwxi/8S+WMW/xfkj1n8l8wfs/gvlT9m8X9h/pjF/0X5Yxb/F+ePWfxfkj9m8V86f8zi/9L8MYv/MvljFv9l88cs/svlj1n8l88fs/ivkD9m8V8xf8zi/7L8MYv/SvljFv+V88cs/qvkj1n8V80fs/i/PH/M4r9a/pjFf/X8MYv/K/LHLP6vzB+z+K+RP2bxH58/ZvGfkD9m8Z+YP2bxXzN/zOK/Vv6YxX/t/DGL/6T8MYv/5Pwxi/86+WMW/3Xzxyz+r8ofs/i/On/M4r9e/pjFf/38MYv/BvljFv/X5I9Z/DfMH7P4vzZ/zOK/Uf6YxX/j/DGL/yb5Yxb/TfPHLP6vyx+z+G+WP2bx3zx/zOL/+vwxi/8b8scs/m/MH7P4vyl/zOL/5vwxi/9b8scs/m/NH7P4b5E/ZvHfMn/M4r9V/pjF/235Yxb/rfPHLP7b5I9Z/LfNH7P4b5c/ZvF/e/6YxX/7/DGL/zvyxyz+78wfs/jvkD9m8d8xf8ziv1P+mMV/5/wxi/+78scs/u/OH7P475I/ZvF/T/6YxX/X/DGL/3vzxyz+78sfs/i/P3/M4r9b/pjFf/f8MYv/HvljFv8P5I9Z/D+YP2bx/1D+mMX/w/ljFv+P5I9Z/PfMH7P4fzR/zOL/sfwxi//H88cs/p/IH7P475U/ZvH/ZP6YxX/v/DGL/6fyxyz+n84fs/jvkz9m8f9M/pjFf9/8MYv/Z/PHLP6fyx+z+H8+f8ziv1/+mMV///wxi/8X8scs/gfkj1n8D8wfs/h/MX/M4n9Q/pjF/+D8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/1/LHLP5fzx+z+H8jf8zi/838MYv/IfljFv9D88cs/oflj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi/8x+WMW/2Pzxyz+x+WPWfy/lT9m8T8+f8zif0L+mMX/xPwxi/9J+WMW/5Pzxyz+384fs/h/J3/M4n9K/pjF/9T8MYv/afljFv/T88cs/t/NH7P4n5E/ZvE/M3/M4n9W/pjF/3v5Yxb/7+ePWfzPzh+z+J+TP2bxPzd/zOJ/Xv6Yxf/8/DGL/w/yxyz+P8wfs/j/KH/M4v/j/DGL/0/yxyz+P80fs/hfkD9m8b8wf8zi/7P8MYv/RfljFv+f549Z/C/OH7P4X5I/ZvG/NH/M4n9Z/pjF//L8MYv/FfljFv8r88cs/r/IH7P4/zJ/zOL/q/wxi/+v88cs/lflj1n8r84fs/j/Jn/M4v/b/DGL/zX5Yxb/3+WPWfyvzR+z+F+XP2bxvz5/zOL/+/wxi/8N+WMW/xvzxyz+N+WPWfz/kD9m8f9j/pjF/0/5Yxb/m/PHLP5/zh+z+N+SP2bxvzV/zOJ/W/6Yxf/2/DGL/1/yxyz+d+SPWfzvzB+z+P81f8zif1f+mMX/b/ljFv+/549Z/P+RP2bx/2f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+E/JH7P4P5A/ZvF/MH/M4j81f0ziP8cgf8ziP5Q/ZvEflT9m8Z8tf8ziP3v+mMV/dP6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvGfL3/M4j9//pjF/yn5Yxb/BfLHLP5j8scs/gvmj1n8x+aPWfwXyh+z+C+cP2bxf2r+mMX/afljFv+n549Z/BfJH7P4PyN/zOK/aP6Yxf+Z+WMW/2flj1n8F8sfs/g/O3/M4v+c/DGL/7j8MYv/c/PHLP7Pyx+z+D8/f8ziv3j+mMV/ifwxi/8L8scs/kvmj1n8l8ofs/i/MH/M4v+i/DGL/4vzxyz+L8kfs/gvnT9m8X9p/pjFf5n8MYv/svljFv/l8scs/svnj1n8V8gfs/ivmD9m8X9Z/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8X54/ZvFfLX/M4r96/pjF/xX5Yxb/V+aPWfzXyB+z+I/PH7P4T8gfs/hPzB+z+K+ZP2bxXyt/zOK/dv6YxX9S/pjFf3L+mMV/nfwxi/+6+WMW/1flj1n8X50/ZvFfL3/M4r9+/pjFf4P8MYv/a/LHLP4b5o9Z/F+bP2bx3yh/zOK/cf6YxX+T/DGL/6b5Yxb/1+WPWfw3yx+z+G+eP2bxf33+mMX/DfljFv835o9Z/N+UP2bxf3P+mMX/LfljFv+35o9Z/LfIH7P4b5k/ZvHfKn/M4v+2/DGL/9b5Yxb/bfLHLP7b5o9Z/LfLH7P4vz1/zOK/ff6Yxf8d+WMW/3fmj1n8d8gfs/jvmD9m8d8pf8ziv3P+mMX/XfljFv93549Z/HfJH7P4vyd/zOK/a/6Yxf+9+WMW//flj1n8358/ZvHfLX/M4r97/pjFf4/8MYv/B/LHLP4fzB+z+H8of8zi/+H8MYv/R/LHLP575o9Z/D+aP2bx/1j+mMX/4/ljFv9P5I9Z/PfKH7P4fzJ/zOK/d/6Yxf9T+WMW/0/nj1n898kfs/h/Jn/M4r9v/pjF/7P5Yxb/z+WPWfw/nz9m8d8vf8ziv3/+mMX/C/ljFv8D8scs/gfmj1n8v5g/ZvE/KH/M4n9w/pjF/0v5Yxb/L+ePWfy/kj9m8f9q/pjF/2v5Yxb/r+ePWfy/kT9m8f9m/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+38ofs/gfnz9m8T8hf8zif2L+mMX/pPwxi//J+WMW/2/nj1n8v5M/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv/v5o9Z/M/IH7P4n5k/ZvE/K3/M4v+9/DGL//fzxyz+Z+ePWfzPyR+z+J+bP2bxPy9/zOJ/fv6Yxf8H+WMW/x/mj1n8f5Q/ZvH/cf6Yxf8n+WMW/5/mj1n8L8gfs/hfmD9m8f9Z/pjF/6L8MYv/z/PHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/lfljFv9f5I9Z/H+ZP2bx/1X+mMX/1/ljFv+r8scs/lfnj1n8f5M/ZvH/bf6Yxf+a/DGL/+/yxyz+1+aPWfyvyx+z+F+fP2bx/33+mMX/hvwxi/+N+WMW/5vyxyz+f8gfs/j/MX/M4v+n/DGL/835Yxb/P+ePWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf8v+WMW/zvyxyz+d1r95378ty3+f7X6/4ss/nflj1n8/5Y/ZvH/e/6Yxf8f+WMW/3/mj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/+U/DGL/wP5Yxb/B/PHLP5T88ck/nMO8scs/kP5Yxb/UfljFv/Z8scs/rPnj1n8R+ePWfznyB+z+M+ZP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/+fLHLP7z549Z/J+SP2bxXyB/zOI/Jn/M4r9g/pjFf2z+mMV/ofwxi//C+WMW/6fmj1n8n5Y/ZvF/ev6YxX+R/DGL/zPyxyz+i+aPWfyfmT9m8X9W/pjFf7H8MYv/s/PHLP7PyR+z+I/LH7P4Pzd/zOL/vPwxi//z88cs/ovnj1n8l8gfs/i/IH/M4r9k/pjFf6n8MYv/C/PHLP4vyh+z+L84f8zi/5L8MYv/0vljFv+X5o9Z/JfJH7P4L5s/ZvFfLn/M4r98/pjFf4X8MYv/ivljFv+X5Y9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjF/+X5Yxb/1fLHLP6r549Z/F+RP2bxf2X+mMV/jfwxi//4/DGL/4T8MYv/xPwxi/+a+WMW/7Xyxyz+a+ePWfwn5Y9Z/Cfnj1n818kfs/ivmz9m8X9V/pjF/9X5Yxb/9fLHLP7r549Z/DfIH7P4vyZ/zOK/Yf6Yxf+1+WMW/43yxyz+G+ePWfw3yR+z+G+aP2bxf13+mMV/s/wxi//m+WMW/9fnj1n835A/ZvF/Y/6Yxf9N+WMW/zfnj1n835I/ZvF/a/6YxX+L/DGL/5b5Yxb/rfLHLP5vyx+z+G+dP2bx3yZ/zOK/bf6YxX+7/DGL/9vzxyz+2+ePWfzfkT9m8X9n/pjFf4f8MYv/jvljFv+d8scs/jvnj1n835U/ZvF/d/6YxX+X/DGL/3vyxyz+u+aPWfzfmz9m8X9f/pjF//35Yxb/3fLHLP67549Z/PfIH7P4fyB/zOL/wfwxi/+H8scs/h/OH7P4fyR/zOK/Z/6Yxf+j+WMW/4/lj1n8P54/ZvH/RP6YxX+v/DGL/yfzxyz+e+ePWfw/lT9m8f90/pjFf5/8MYv/Z/LHLP775o9Z/D+bP2bx/1z+mMX/8/ljFv/98scs/vvnj1n8v5A/ZvE/IH/M4n9g/pjF/4v5Yxb/g/LHLP4H549Z/L+UP2bx/3L+mMX/K/ljFv+v5o9Z/L+WP2bx/3r+mMX/G/ljFv9v5o9Z/A/JH7P4H5o/ZvE/LH/M4n94/pjF/4j8MYv/kfljFv+j8scs/kfnj1n8j8kfs/gfmz9m8T8uf8zi/638MYv/8fljFv8T8scs/ifmj1n8T8ofs/ifnD9m8f92/pjF/zv5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvH/bv6Yxf+M/DGL/5n5Yxb/s/LHLP7fyx+z+H8/f8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfx/kD9m8f9h/pjF/0f5Yxb/H+ePWfx/kj9m8f9p/pjF/4L8MYv/hfljFv+f5Y9Z/C/KH7P4/zx/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4X5k/ZvH/Rf6Yxf+X+WMW/1/lj1n8f50/ZvG/Kn/M4n91/pjF/zf5Yxb/3+aPWfyvyR+z+P8uf8zif23+mMX/uvwxi//1+WMW/9/nj1n8b8gfs/jfmD9m8b8pf8zi/4f8MYv/H/PHLP5/yh+z+N+cP2bx/3P+mMX/lvwxi/+t+WMW/9vyxyz+t+ePWfz/kj9m8b8jf8zif2f+mMX/r/ljFv+78scs/n/LH7P4/z1/zOL/j/wxi/8/88cs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMV/Sv6Yxf+B/DGL/4P5Yxb/qfljEv+5BvljFv+h/DGL/6j8MYv/bPljFv/Z88cs/qPzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/3z5Yxb/+fPHLP5PyR+z+C+QP2bxH5M/ZvFfMH/M4j82f8ziv1D+mMV/4fwxi/9T88cs/k/LH7P4Pz1/zOK/SP6Yxf8Z+WMW/0Xzxyz+z8wfs/g/K3/M4r9Y/pjF/9n5Yxb/5+SPWfzH5Y9Z/J+bP2bxf17+mMX/+fljFv/F88cs/kvkj1n8X5A/ZvFfMn/M4r9U/pjF/4X5Yxb/F+WPWfxfnD9m8X9J/pjFf+n8MYv/S/PHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/y/LHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4v/y/DGL/2r5Yxb/1fPHLP6vyB+z+L8yf8ziv0b+mMV/fP6YxX9C/pjFf2L+mMV/zfwxi/9a+WMW/7Xzxyz+k/LHLP6T88cs/uvkj1n8180fs/i/Kn/M4v/q/DGL/3r5Yxb/9fPHLP4b5I9Z/F+TP2bx3zB/zOL/2vwxi/9G+WMW/43zxyz+m+SPWfw3zR+z+L8uf8ziv1n+mMV/8/wxi//r88cs/m/IH7P4vzF/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOK/Rf6YxX/L/DGL/1b5Yxb/t+WPWfy3zh+z+G+TP2bx3zZ/zOK/Xf6Yxf/t+WMW/+3zxyz+78gfs/i/M3/M4r9D/pjFf8f8MYv/TvljFv+d88cs/u/KH7P4vzt/zOK/S/6Yxf89+WMW/13zxyz+780fs/i/L3/M4v/+/DGL/275Yxb/3fPHLP575I9Z/D+QP2bx/2D+mMX/Q/ljFv8P549Z/D+SP2bx3zN/zOL/0fwxi//H8scs/h/PH7P4fyJ/zOK/V/6Yxf+T+WMW/73zxyz+n8ofs/h/On/M4r9P/pjF/zP5Yxb/ffPHLP6fzR+z+H8uf8zi//n8MYv/fvljFv/988cs/l/IH7P4H5A/ZvE/MH/M4v/F/DGL/0H5Yxb/g/PHLP5fyh+z+H85f8zi/5X8MYv/V/PHLP5fyx+z+H89f8zi/438MYv/N/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8f9W/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/h/O3/M4v+d/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4fzd/zOJ/Rv6Yxf/M/DGL/1n5Yxb/7+WPWfy/nz9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+P8gfs/j/MH/M4v+j/DGL/4/zxyz+P8kfs/j/NH/M4n9B/pjF/8L8MYv/z/LHLP4X5Y9Z/H+eP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4/yJ/zOL/y/wxi/+v8scs/r/OH7P4X5U/ZvG/On/M4v+b/DGL/2/zxyz+1+SPWfx/lz9m8b82f8zif13+mMX/+vwxi//v88cs/jfkj1n8b8wfs/jflD9m8f9D/pjF/4/5Yxb/P+WPWfxvzh+z+P85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+f8kfs/jfkT9m8b8zf8zi/9f8MYv/XfljFv+/5Y9Z/P+eP2bx/0f+mMX/n/ljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8ziPyV/zOL/QP6Yxf/B/DGL/9T8MYn/3IP8MYv/UP6YxX9U/pjFf7b8MYv/7PljFv/R+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/p+SPWfwXyB+z+I/JH7P4L5g/ZvEfmz9m8V8of8ziv3D+mMX/qfljFv+n5Y9Z/J+eP2bxXyR/zOL/jPwxi/+i+WMW/2fmj1n8n5U/ZvFfLH/M4v/s/DGL/3Pyxyz+4/LHLP7PzR+z+D8vf8zi//z8MYv/4vljFv8l8scs/i/IH7P4L5k/ZvFfKn/M4v/C/DGL/4vyxyz+L84fs/i/JH/M4r90/pjF/6X5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvFfIX/M4r9i/pjF/2X5Yxb/lfLHLP4r549Z/FfJH7P4r5o/ZvF/ef6YxX+1/DGL/+r5Yxb/V+SPWfxfmT9m8V8jf8ziPz5/zOI/IX/M4j8xf8ziv2b+mMV/rfwxi//a+WMW/0n5Yxb/yfljFv918scs/uvmj1n8X5U/ZvF/df6YxX+9/DGL//r5Yxb/DfLHLP6vyR+z+G+YP2bxf23+mMV/o/wxi//G+WMW/03yxyz+m+aPWfxflz9m8d8sf8ziv3n+mMX/9fljFv835I9Z/N+YP2bxf1P+mMX/zfljFv+35I9Z/N+aP2bx3yJ/zOK/Zf6YxX+r/DGL/9vyxyz+W+ePWfy3yR+z+G+bP2bx3y5/zOL/9vwxi//2+WMW/3fkj1n835k/ZvHfIX/M4r9j/pjFf6f8MYv/zvljFv935Y9Z/N+dP2bx3yV/zOL/nvwxi/+u+WMW//fmj1n835c/ZvF/f/6YxX+3/DGL/+75Yxb/PfLHLP4fyB+z+H8wf8zi/6H8MYv/h/PHLP4fyR+z+O+ZP2bx/2j+mMX/Y/ljFv+P549Z/D+RP2bx3yt/zOL/yfwxi//e+WMW/0/lj1n8P50/ZvHfJ3/M4v+Z/DGL/775Yxb/z+aPWfw/lz9m8f98/pjFf7/8MYv//vljFv8v5I9Z/A/IH7P4H5g/ZvH/Yv6Yxf+g/DGL/8H5Yxb/L+WPWfy/nD9m8f9K/pjF/6v5Yxb/r+WPWfy/nj9m8f9G/pjF/5v5Yxb/Q/LHLP6H5o9Z/A/LH7P4H54/ZvE/In/M4n9k/pjF/6j8MYv/0fljFv9j8scs/sfmj1n8j8sfs/h/K3/M4n98/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8v50/ZvH/Tv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/L+bP2bxPyN/zOJ/Zv6Yxf+s/DGL//fyxyz+388fs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/x/kj1n8f5g/ZvH/Uf6Yxf/H+WMW/5/kj1n8f5o/ZvG/IH/M4n9h/pjF/2f5Yxb/i/LHLP4/zx+z+F+cP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5X5o9Z/H+RP2bx/2X+mMX/V/ljFv9f549Z/K/KH7P4X50/ZvH/Tf6Yxf+3+WMW/2vyxyz+v8sfe6T/6Cd7OP95j+F/bf6Y5fy/Ln/M4n99/pjF//f5Yxb/G/LHLP435o9Z/G/KH7P4/yF/zOL/x/wxi/+f8scs/jfnj1n8/5w/ZvG/JX/M4n9r/pjF/7b8MYv/7fljFv+/5I9Z/O/IH7P435k/ZvH/a/6Yxf+u/DGL/9/yxyz+f88fs/j/I3/M4v/P/DGL/935Yxb/e/LHLP735o9Z/O/LH7P4358/ZvGfkj9m8X8gf8zi/2D+mMV/av6YxH+eQf6YxX8of8ziPyp/zOI/W/6YxX/2/DGL/+j8MYv/HPljFv8588cs/nPlj1n8584fs/jPkz/2v+8/10Nv5f/o/vf9pzXPfPljFv/588cs/k/JH7P4L5A/ZvEfkz9m8V8wf8ziPzZ/zOK/UP6YxX/h/DGL/1Pzxyz+T8sfs/g/PX/M4r9I/pjF/xn5Yxb/RfPHLP7PzB+z+D8rf8ziv1j+mMX/2fljFv/n5I9Z/Mflj1n8n5s/ZvF/Xv6Yxf/5+WMW/8Xzxyz+S+SPWfxfkD9m8V8yf8ziv1T+mMX/hfljFv8X5Y9Z/F+cP2bxf0n+mMV/6fwxi/9L88cs/svkj1n8l80fs/gvlz9m8V8+f8ziv0L+mMV/xfwxi//L8scs/isp/ad+5F+tYfFfWen/r7P4r5I/ZvFfNX/M4v/y/DGL/2r5Yxb/1fPHLP6vyB+z+L8yf8ziv0b+mMV/fP6YxX9C/pjFf2L+mMV/zfwxi/9a+WMW/7Xzxyz+k/LHLP6T88cs/uvkj1n8180fs/i/Kn/M4v/q/DGL/3r5Yxb/9fPHLP4b5I9Z/F+TP2bx3zB/zOL/2vwxi/9G+WMW/43zxyz+m+SPWfw3zR+z+L8uf8ziv1n+mMV/8/wxi//r88cs/m/IH7P4vzF/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOK/Rf6YxX/L/DGL/1b5Yxb/t+WPWfy3zh+z+G+TP2bx3zZ/zOK/Xf6Yxf/t+WMW/+3zxyz+78gfs/i/M3/M4r9D/pjFf8f8MYv/TvljFv+d88cs/u/KH7P4vzt/zOK/S/6Yxf89+WMW/13zxyz+780fs/i/L3/M4v/+/DGL/275Yxb/3fPHLP575I9Z/D+QP2bx/2D+mMX/Q/ljFv8P549Z/D+SP2bx3zN/zOL/0fwxi//H8scs/h/PH7P4fyJ/zOK/V/6Yxf+T+WMW/73zxyz+n8ofs/h/On/M4r9P/pjF/zP5Yxb/ffPHLP6fzR+z+H8uf8zi//n8MYv/fvljFv/988cs/l/IH7P4H5A/ZvE/MH/M4v/F/DGL/0H5Yxb/g/PHLP5fyh+z+H85f8zi/5X8MYv/V/PHLP5fyx+z+H89f8zi/438MYv/N/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8f9W/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/h/O3/M4v+d/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4fzd/zOJ/Rv6Yxf/M/DGL/1n5Yxb/7+WPWfy/nz9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+P8gfs/j/MH/M4v+j/DGL/4/zxyz+P8kfs/j/NH/M4n9B/pjF/8L8MYv/z/LHLP4X5Y9Z/H+eP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4/yJ/zOL/y/wxi/+v8scs/r/OH7P4X5U/ZvG/On/M4v+bmf2HOhhmZPH/beSYxf+a/DGL/+/yxyz+1+aPWfyvyx+z+F+fP2bx/33+mMX/hvwxi/+N+WMW/5vyxyz+f8gfs/j/MX/M4v+n/DGL/835Yxb/P+ePWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf8v+WMW/zvyxyz+d+aPWfz/mj9m8b8rf8zi/7f8MYv/3/PHLP7/yB+z+P8zf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfyn5I9Z/B/IH7P4P5g/ZvGfmj8m8Z93kD9m8e//8o2z+I/KH7P4z5Y/ZvGfPX/M4j86f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOL/lPwxi/8C+WMW/zH5Yxb/BfPHLP5j88cs/gvlj1n8F84fs/g/NX/M4v+0/DGL/9Pzxyz+i+SPWfyfkT9m8V80f8zi/8z8MYv/s/LHLP6L5Y9Z/J+dP2bxf07+mMV/XP6Yxf+5+WMW/+flj1n8n58/ZvFfPH/M4r9E/pjF/wX5Yxb/JfPHLP5L5Y9Z/F+YP2bxf1H+mMX/xfljFv+X5I9Z/JfOH7P4vzR/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP4r5I9Z/FfMH7P4vyx/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP4vzx+z+K+WP2bxXz1/zOL/ivwxi/8r88cs/mvkj1n8x+ePWfwn5I9Z/Cfmj1n818wfs/ivlT9m8V87f8ziPyl/zOI/OX/M4r9O/pjFf938MYv/q/LHLP6vzh+z+K+XP2bxXz9/zOK/Qf6Yxf81+WMW/w3zxyz+r80fs/hvlD9m8d84f8ziv0n+mMV/0/yx/2X/qR95aOm8r8sf+1/2n/n83yx/zOK/ef6Yxf/1+WMW/zfkj1n835g/ZvF/U/6Yxf/N+WMW/7fkj1n835o/ZvHfIn/M4r9l/pjFf6v8MYv/2/LHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4v/2/DGL//b5Yxb/d+SPWfzfmT9m8d8hf8ziv2P+mMV/p/wxi//O+WMW/3flj1n8350/ZvHfJX/M4v+e/DGL/675Yxb/9+aPWfzflz9m8X9//pjFf7f8MYv/7vljFv898scs/h/IH7P4fzB/zOL/ofwxi/+H88cs/h/JH7P475k/ZvH/aP6Yxf9j+WMW/4/nj1n8P5E/ZvHfK3/M4v/J/DGL/975Yxb/T+WPWfw/nT9m8d8nf8zi/5n8MYv/vvljFv/P5o9Z/D+XP2bx/3z+mMV/v/wxi//++WMW/y/kj1n8D8gfs/gfmD9m8f9i/pjF/6D8MYv/wfljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv+v5Y9Z/L+eP2bx/0b+mMX/m/ljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+H8rf8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfy/nT9m8f9O/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8v5s/ZvE/I3/M4n9m/pjF/6z8MYv/9/LHLP7fzx+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/H+SPWfx/mD9m8f9R/pjF/8f5Yxb/n+SPWfx/mj9m8b8gf8zif2H+mMX/Z/ljFv+L8scs/j/PH7P4X5w/ZvG/JH/M4n9p/pjF/zKf/9xPZCWL/+U+/yeUxf+K/DGL/5X5Yxb/X+SPWfx/mT9m8f9V/pjF/9f5Yxb/q/LHLP5X549Z/H+TP2bx/23+mMX/mvwxi//v8scs/tfmj1n8r8sfs/hfnz9m8f99/pjF/4b8MYv/jfljFv+b8scs/n/IH7P4/zF/zOL/p/wxi//N+WMW/z/nj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/L/ljFv878scs/nfmj1n8/5o/ZvG/K3/M4v+3/DGL/9/zxyz+/8gfs/j/M3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8p+SPWfwfyB+z+D+YP2bxn5o/JvGfb5A/ZvEfyh+z+I/KH7P4z5Y/ZvGfPX/M4j86f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOL/lPwxi/8C+WMW/zH5Yxb/BfPHLP5j88cs/gvlj1n8F84fs/g/NX/M4v+0/DGL/9Pzxyz+i+SPWfyfkT9m8V80f8zi/8z8MYv/s/LHLP6L5Y9Z/J+dP2bxf07+mMV/XP6Yxf+5+WMW/+flj1n8n58/ZvFfPH/M4r9E/pjF/wX5Yxb/JfPHLP5L5Y9Z/F+YP2bxf1H+mMX/xfljFv+X5I9Z/JfOH7P4vzR/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP4r5I9Z/FfMH7P4vyx/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP4vzx+z+K+WP2bxXz1/zOL/ivwxi/8r88cs/mvkj1n8x+ePWfwn5I9Z/Cfmj1n818wfs/ivlT9m8V87f8ziPyl/zOI/OX/M4r9O/pjFf938MYv/q/LHLP6vzh+z+K+XP2bxXz9/zOK/Qf6Yxf81+WMW/w3zxyz+r80fs/hvlD9m8d84f8ziv0n+mMV/0/wxi//r8scs/pvlj1n8N88fs/i/Pn/M4v+G/DGL/xvzxyz+b8ofs/i/OX/M4v+W/DGL/1vzxyz+W+SPWfy3zB+z+G+VP2bxf1v+mMV/6/wxi/82+WMW/23zxyz+2+WPWfzfnj9m8d8+f8zi/478MYv/O/PHLP475I9Z/HfMH7P475Q/ZvHfOX/sIf9tT/qf9n9X/pjl/H93/pjFf5f8MYv/e/LHLP675o9Z/N+bP2bxf1/+mMX//fljFv/d8scs/rvnj1n898gfs/h/IH/M4v/B/DGL/4fyxyz+H84fs/h/JH/M4r9n/pjF/6P5Yxb/j+WPWfw/nj9m8f9E/pjFf6/8MYv/J/PHLP57549Z/D+VP2bx/3T+mMV/n/wxi/9n8scs/vvmj1n8P5s/ZvH/XP6Yxf/z+WMW//3yxyz+++ePWfy/kD9m8T8gf8zif2D+mMX/i/ljFv+D8scs/gfnj1n8v5Q/ZvH/cv6Yxf8r+WMW/6/mj1n8v5Y/ZvH/ev6Yxf8b+WMW/2/mj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOL/rfwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bx/3b+mMX/O/ljFv9T8scs/qfmj1n8T8sfs/ifnj9m8f9u/pjF/4z8MYv/mfljFv+z8scs/t/LH7P4fz9/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/H+QP2bx/2H+mMX/R/ljFv8f549Z/H+SP2bx/2n+mMX/gvwxi/+F+WMW/5/lj1n8L8ofs/j/PH/M4n9x/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8f9F/pjF/5f5Yxb/X+WPWfx/nT9m8b8qf8zif3X+mMX/N/ljFv/f5o9Z/K/JH7P4/y5/zOJ/bf6Yxf+6/DGL//X5Yxb/3+ePWfxvyB+z+N+YP2bxvyl/zOL/h/wxi/8f88cs/n/KH7P435w/ZvH/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/P+SP2bxvyN/zOJ/Z/6Yxf+v+WMW/7vyxyz+f8sfs/j/PX/M4v+P/DGL/z/zxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6YxX9K/pjF/4H8MYv/g/ljFv+p+WMS//kH+WMW/6H8MYv/qPwxi/9s+WMW/9nzxyz+o/PHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/k/JH7P4L5A/ZvEfkz9m8V8wf8ziPzZ/zOK/UP6YxX/h/DGL/1Pzxyz+T8sfs/g/PX/M4r9I/pjF/xn5Yxb/RfPHLP7PzB+z+D8rf8ziv1j+mMX/2fljFv/n5I9Z/Mflj1n8n5s/ZvF/Xv6Yxf/5+WMW/8Xzxyz+S+SPWfxfkD9m8V8yf8ziv1T+mMX/hfljFv8X5Y9Z/F+cP2bxf0n+mMV/6fwxi/9L88cs/svkj1n8l80fs/gvlz9m8V8+f8ziv0L+mMV/xfwxi//L8scs/ivlj1n8V84fs/ivkj9m8V81f8zi//L8MYv/avljFv/V88cs/q/IH7P4vzJ/zOK/Rv6YxX98/pjFf0L+mMV/Yv6YxX/N/DGL/1r5Yxb/tfPHLP6T8scs/pPzxyz+6+SPWfzXzR+z+L8qf8zi/+r8MYv/evljFv/188cs/hvkj1n8X5M/ZvHfMH/M4v/a/DGL/0b5Yxb/jfPHLP6b5I9Z/DfNH7P4vy5/zOK/Wf6YxX/z/DGL/+vzxyz+b8gfs/i/MX/M4v+m/DGL/5vzxyz+b8kfs/i/NX/M4r9F/pjFf8v8MYv/VvljFv+35Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/+35Yxb/7fPHLP7vyB+z+L8zf8ziv0P+mMV/x/wxi/9O+WMW/53zxyz+78ofs/i/O3/M4r9L/pjF/z35Yxb/XfPHLP7vzR+z+L8vf8zi//78MYv/bvljFv/d88cs/nvkj1n8P5A/ZvH/YP6Yxf9D+WMW/w/nj1n8P5I/ZvHfM3/M4v/R/DGL/8fyxyz+H88fs/h/In/M4r9X/pjF/5P5Yxb/vfPHLP6fyh+z+H86f8ziv0/+mMX/M/ljFv9988cs/p/NH7P4fy5/zOL/+fwxi/9++WMW//3zxyz+X8gfs/gfkD9m8T8wf8zi/8X8MYv/QfljFv+D88cs/l/KH7P4fzl/zOL/lfwxi/9X88cs/l/LH7P4fz1/zOL/jfwxi/8388cs/ofkj1n8D80fs/gflj9m8T88f8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+x+SPWfyPzR+z+B+XP2bx/1b+mMX/+Pwxi/8J+WMW/xPzxyz+J+WPWfxPzh+z+H87f8zi/538MYv/KfljFv9T88cs/qflj1n8T88fs/h/N3/M4n9G/pjF/8z8MYv/WfljFv/v5Y9Z/L+fP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4/yB+z+P8wf8zi/6P8MYv/j/PHLP4/yR+z+P80f8zif0H+mMX/wvwxi//P8scs/hflj1n8f54/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/j/In/M4v/L/DGL/6/yxyz+v84fs/hflT9m8b86f8zi/5v8MYv/b/PHLP7X5I9Z/H+XP2bxvzZ/zOJ/Xf6Yxf/6/DGL/+/zxyz+N+SPWfxvzB+z+N+UP2bx/0P+mMX/j/ljFv8/5Y9Z/G/OH7P4/zl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP5/yR+z+N+RP2bxvzN/zOL/1/wxi/9d+WMW/7/lj1n8/54/ZvH/R/6Yxf+f+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOI/JX/M4v9A/pjF/8H8MYv/1Pwxif9TBvljFv+h/DGL/6j8MYv/bPljFv/Z88cs/qPzxyz+c+SPWfznzB+z+M+VP2bxnzt/zOI/T/6YxX/e/DGL/3z5Yxb/+fPHLP5PyR+z+C+QP2bxH5M/ZvFfMH/M4j82f8ziv1D+mMV/4fwxi/9T88cs/k/LH7P4Pz1/zOK/SP6Yxf8Z+WMW/0Xzxyz+z8wfs/g/K3/M4r9Y/pjF/9n5Yxb/5+SPWfzH5Y9Z/J+bP2bxf17+mMX/+fljFv/F88cs/kvkj1n8X5A/ZvFfMn/M4r9U/pjF/4X5Yxb/F+WPWfxfnD9m8X9J/pjFf+n8MYv/S/PHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4r9C/pjFf8X8MYv/y/LHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4v/y/DGL/2r5Yxb/1fPHLP6vyB+z+L8yf8ziv0b+mMV/fP6YxX9C/pjFf2L+mMV/zfwxi/9aIv+5/o11Lf5ri/z/nSz+k/LHLP6T88cs/uvkj1n8180fs/i/Kn/M4v/q/DGL/3r5Yxb/9fPHLP4b5I9Z/F+TP2bx3zB/zOL/2vwxi/9G+WMW/43zxyz+m+SPWfw3zR+z+L8uf8ziv1n+mMV/8/wxi//r88cs/m/IH7P4vzF/zOL/pvwxi/+b88cs/m/JH7P4vzV/zOK/Rf6YxX/L/DGL/1b5Yxb/t+WPWfy3zh+z+G+TP2bx3zZ/zOK/Xf6Yxf/t+WMW/+3zxyz+78gfs/i/M3/M4r9D/pjFf8f8MYv/TvljFv+d88cs/u/KH7P4vzt/zOK/S/6Yxf89+WMW/13zxyz+780fs/i/L3/M4v/+/DGL/275Yxb/3fPHLP575I9Z/D+QP2bx/2D+mMX/Q/ljFv8P549Z/D+SP2bx3zN/zOL/0fwxi//H8scs/h/PH7P4fyJ/zOK/V/6Yxf+T+WMW/73zxyz+n8ofs/h/On/M4r9P/pjF/zP5Yxb/ffPHLP6fzR+z+H8uf8zi//n8MYv/fvljFv/988cs/l/IH7P4H5A/ZvE/MH/M4v/F/DGL/0H5Yxb/g/PHLP5fyh+z+H85f8zi/5X8MYv/V/PHLP5fyx+z+H89f8zi/438MYv/N/PHLP6H5I9Z/A/NH7P4H5Y/ZvE/PH/M4n9E/pjF/8j8MYv/UfljFv+j88cs/sfkj1n8j80fs/gflz9m8f9W/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/h/O3/M4v+d/DGL/yn5Yxb/U/PHLP6n5Y9Z/E/PH7P4fzd/zOJ/Rv6Yxf/M/DGL/1n5Yxb/7+WPWfy/nz9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+P8gfs/j/MH/M4v+j/DGL/4/zxyz+P8kfs/j/NH/M4n9B/pjF/8L8MYv/z/LHLP4X5Y9Z/H+eP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4/yJ/zOL/y/wxi/+v8scs/r/OH7P4X5U/ZvG/On/M4v+b/DGL/2/zxyz+1+SPWfx/lz9m8b82f8zif13+mMX/+vwxi//v88cs/jfkj1n8b8wfs/jflD9m8f9D/pjF/4/5Yxb/P+WPWfxvzh+z+P85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+f8kfs/jfkT9m8b8zf8zi/9f8MYv/XfljFv+/5Y9Z/P+eP2bx/0f+mMX/n/ljFv+788cs/vfkj1n8780fs/jflz9m8b8/f8ziPyV/zOL/QP6Yxf/B/DGL/9T8MYn/AoP8MYv/UP6YxX9U/pjFf7b8MYv/7Pk/otlGHi3+o/PHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/k/JH7P4L5A/ZvEfkz9m8V8wf8ziPzZ/zOK/UP6YxX/h/DGL/1Pzxyz+T8sfs/g/PX/M4r9I/pjF/xn5Yxb/RfPHLP7PzB+z+D8rf8ziv1j+mMX/2fljFv/n5I9Z/Mflj1n8n5s/ZvF/Xv6Yxf/5+WMW/8Xzxyz+S+SPWfxfkD9m8V8yf8ziv1T+mMX/hfljFv8X5Y9Z/F+cP2bxf0n+mMV/6fwxi/9L88cs/svkj1n8l80fs/gvlz9m8V8+f8ziv0L+mMV/xfwxi//L8scs/ivlj1n8V84fs/ivkj9m8V81f8zi//L8MYv/avljFv/V88cs/q/IH7P4vzJ/zOK/Rv6YxX98/pjFf0L+mMV/Yv6YxX/N/DGL/1r5Yxb/tfPHLP6T8scs/pPzxyz+6+SPWfzXzR+z+L8qf8zi/+r8MYv/evljFv/188cs/hvkj1n8X5M/ZvHfMH/M4v/a/DGL/0b5Yxb/jfPHLP6b5I9Z/DfNH7P4vy5/zOK/Wf6YxX/z/DGL/+vzxyz+b8gfs/i/MX/M4v+m/DGL/5vzxyz+b8kfs/i/NX/M4r9F/pjFf8v8MYv/VvljFv+35Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/+35Yxb/7fPHLP7vyB+z+L8zf8ziv0P+mMV/x/wxi/9O+WMW/53zxyz+78ofs/i/O3/M4r9L/pjF/z35Yxb/XfPHLP7vzR+z+L8vf8zi//78MYv/bvljFv/d88cs/nvkj1n8P5A/ZvH/YP6Yxf9D+WMW/w/nj/1/7NGzFiCGAkXRZ79kYtu2bdu2bWdi27Zt27Zt254UqbLW/YLcvbtTn5b/A/2PWv7v5n/U8n93/6OW/3v4H7X839P/qOX/Xv5HLf/39j9q+b+P/1HL/339j1r+7+d/1PJ/f/+jlv8H+B+1/D/Q/6jl/0H+Ry3/D/Y/avl/iP9Ry/9D/Y9a/h/mf9Ty/3D/o5b/R/gftfw/0v+o5f9R/kct/4/2P2r5f4z/Ucv/Y/2PWv4f53/U8v94/6OW/yf4H7X8P9H/qOX/Sf5HLf9P9j9q+X+K/1HL/1P9j1r+n+Z/1PL/dP+jlv9n+B+1/D/T/6jl/1n+Ry3/z/Y/avl/jv9Ry/9z/Y9a/p/nf9Ty/3z/o5b/F/gftfy/0P+o5f9F/kct/y/2P2r5f4n/Ucv/S/2PWv5f5n/U8v9y/6OW/1f4H7X8v9L/qOX/Vf5HLf+v9j9q+X+N/1HL/2v9j1r+X+d/1PL/ev+jlv83+B+1/L/R/6jl/03+Ry3/b/Y/avl/i/9Ry/9b/Y9a/t/mf9Ty/3b/o5b/d/gftfy/0/+o5f9d/kct/+/2P2r5f4//Ucv/e/2PWv7f53/U8v9+/6OW/w/4H7X8f9D/qOX/Q/5HLf8f9j9q+f+I/1HL/0f9j1r+P+Z/1PL/cf+jlv9P+B+1/H/S/6jl/1P+Ry3/n/Y/avn/jP9Ry/9n/Y9a/j/nf9Ty/3n/o5b/L/gftfx/0f+o5f9L/kct/1/2P2r5/4r/Ucv/V/2PWv6/5n/U8v91/6OW/2/4H7X8f9P/qOX/W/5HLf/f9j9q+f+O/1HL/3f9j1r+v+d/1PL/ff+jlv8f+B+1/P/Q/6jl/0f+Ry3/P/Y/avn/if9Ry/9P/Y9a/n/mf9Ty/3P/o5b/X/gftfz/0v+o5f9X/kct/7/2P2r5/43/Ucv/b/2PWv5/53/U8v97/6OW/z/4H7X8/9H/qOX/T/5HLf9/9j9q+f+L/1HL/0H+RyX/B/zJ/6jl/5/9j1r+/8X/qOX/X/2PWv7/zf+o5f/f/Y9a/v/D/6jl/z/9j1r+/8v/qOX/v/2PWv7/x/+o5f9//Y9a/v/P/6jl///9j1r+D+Z/1PJ/cP+jlv8D/I9a/g/hf9Tyf0j/o5b/Q/kftfwf2v+o5f8w/kct/4f1P2r5P5z/Ucv/4f2PWv6P4H/U8n9E/6OW/yP5H7X8H9n/qOX/KP5HLf9H9T9q+T+a/1HL/9H9j1r+j+F/1PJ/TP+jlv9j+R+1/B/b/6jl/zj+Ry3/x/U/avk/nv9Ry//x/Y9a/k/gf9Tyf0L/o5b/E/kftfyf2P+o5f8k/kct/yf1P2r5P5n/Ucv/yf2PWv5P4X/U8n9K/6OW/1P5H7X8n9r/qOX/NP5HLf+n9T9q+T+d/1HL/+n9j1r+z+B/1PJ/Rv+jlv8z+R+1/J/Z/6jl/yz+Ry3/Z/U/avk/m/9Ry//Z/Y9a/s/hf9Tyf07/o5b/c/kftfyf2/+o5f88/kct/+f1P2r5P5//Ucv/+f2PWv4v4H/U8n9B/6OW/wv5H7X8X9j/qOX/Iv5HLf8X9T9q+b+Y/1HL/8X9j1r+L+F/1PJ/Sf+jlv9L+R+1/F/a/6jl/zL+Ry3/l/U/avm/nP9Ry//l/Y9a/q/gf9Tyf0X/o5b/K/kftfxf2f+o5f8q/kct/1f1P2r5v5r/Ucv/1f2PWv6v4X/U8n9N/6OW/2v5H7X8X9v/qOX/Ov5HLf/X9T9q+b+e/1HL//X9j1r+b+B/1PJ/Q/+jlv8b+R+1/N/Y/6jl/yb+/2bQ77Pl/6b+Ry3/N/M/avm/uf9Ry/8t/I9a/m/pf9Tyfyv/o5b/W/sftfzfxv+o5f+2/kct/7fzP2r5v73/Ucv/HfyPWv7v6H/U8n8n/6OW/zv7H7X838X/qOX/rv5HLf8H+h/94f4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/Mq+/cd4XRdwHP8ccIBkGy5mDGuDfFu6pXTHj+EfTkgELvTA34gaAncgeAd0HHacGj/+IJfOH7mRYytXwrCctHnLNZ1dmlmzWLXV7IeapStrkeks2GJd+95977z7dtz6vs/3m5WPxx/3/X4+X14f4LYnnw9TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9dDY0LjoytGXJq7OCDDx9u7n2dfXTFTQd+331B/2v546XDXHLM4IOenp6e2c/O2lE+nFAUReln21k+nlg5Ll1/Z/2XOvqOwvzuFxcfn/zLxiMH1pz2cF3X0ftqe8/WFjeu29DS/IkxRREuqi06Sgd1NUURFtUW95YO6ksHi2uLh0sHs3oPTim+Wzo4b+3mlqbSiSXR3zP4f9HQuLMYO6TYYsifBoP731n/nTv6X0e4ZP/VxhXl/i/v/OGbFZ/1O0H//dcPCyr7r/o3CJxQdf0/P7//dYRL/sf9f9KTK18e7rMT999//fBJ/UM6wzz/D2m08rm/4vl/+jCXHNhfWdN5vNT/Jbc+M6N8atx/8/z/zvXDRZX9jxny/F96jl/Y//w/oSjCxaP8dsB7SkPjriMj3f9H7n/ctIpNzeD+T2/bvL/U/2OLf/B4+VRtlf0vHOH+P2ZJxa8VqE5D41d7Ku7/VfRffGyYSw70/9bjv32o1P+jf7z/jEGfVdP/xZX9z2xv3TJz6/bOcze0rl7fvL55U92sebPn1tfNPX/OzN5Hgr6vo/yuwHvD6O7/xaSKTU1RNA/sr+468FSp/zkPPDC7fGpilf0vGvH+P939H4b1kTHF+PFFx+r29ra6vq/9h/V9X/t+2DD9V/H3/zPPLv+w2vJrTVFMHdjfecZdy0v9v33omd3lU+Or7H/xiP3PH/h5gQijvP83VWyG9H/w0Iu9z/9L7zl4evlUtX//XzJi/6+4/8NoNDRW/A8/77JS/7uKSyM7DQ3++x+kk6P/R9++vjtuHT6lf0gnR/9/+MLRc+LWYan+IZ0c/Y/beP9zcetwif4hnRz9L5syb3ncOlyqf0gnR/9rXznnr3Hr0Kh/SCdH/2d/ZXdH3Dos0z+kk6P/B9tmb4tbh+X6h3Ry9P/zUx98NW4dLtM/pJOj/2PH7r4hbh0u1z+kk6P/rj1n/ShuHa7QP6STo//L1i0Icetwpf4hnRz9T5v658fi1uEq/UM6Ofqf+5d/nhq3DlfrH9LJ0f/tX1y+L24drtE/pJOj/7HXvfxC3Dqs0D+kk6P/JWdtWxC3DtfqH9LJ0X/Tz5p64tZhZbn/CYX+4V2Xo/+Z3/zJhrh1uM79H9LJ0f/hZY/siVuH6/UP6eTof09dMTluHW7QP6STo/9vfP+0Q3Hr8Gn9Qzo5+v/dk0/Mi1uHVfqHdHL0/+yHbvtW3DrcqH9IJ0f/96x54cy4dVitf0gnR/8P7X3uy3HrsEb/kE6O/l9/vfV9ceuwVv+QTo7+J0085bW4dWjSP6STo/8Ft3ytLW4dmvUP6eTov3V314/j1mGd/iGdHP1/9PjUlXHrsF7/kE6O/lfM2fvBuHW4Sf+QTo7+P7D0gl1x67BB/5BOjv4v7P74hXHrsFH/kE6O/tuf/vzX49bhZv1DOjn63zvj1UVx69Cif0gnR/8vrVry07h1aNU/pJOj/zcfuXZT3Dps0j+kk6P/J37x1rG4ddisf0gnR//vP3/h3+PWYYv+IZ0c/S9a/MbauHX4jP4hnRz9b+z610tx69Cmf0gnR/8zDl+1NG4dtuof0snR//fOrdsftw7t+od0cvR/xxX76uPWYZv+IZ0c/e8/eOddcetwi/4hnRz9v/Gr6dPi1uGz+od0cvR/3+RD18StQ4f+IZ0c/f96U+3TceuwXf+QTo7+/7Fvyo64dejUP6STo/+nXuv+U9w63Kp/SCdH/6vG/WZ83Drcpn9IJ0f/Uzq33Bu3DrfrH9LJ0f+8u1efF7cOn9M/pJOj/61/e/7bceuwQ/+QztbtnTevbmlpbvPGG2+8GXhzsv9kAlJ7J/qT/SsBAAAAAAAAAAAAAABOJMc/JzrZv0cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg3+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5WwfRuwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAAAA//9O+OOp")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r0, 0x40285881, 0x0)

4.241052643s ago: executing program 0 (id=988):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040))
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

3.653616891s ago: executing program 0 (id=992):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000240), 0x0, 0x0)
io_setup(0x1, &(0x7f0000000000)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x0, r0, 0x0, 0x0, 0x401}])

3.624638106s ago: executing program 4 (id=993):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='bbr\x00', 0x1)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, 0x0, 0x0)

3.516324014s ago: executing program 5 (id=994):
setresuid(0x0, 0xee00, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ldst={0x3, 0x0, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

3.24426127s ago: executing program 0 (id=995):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)

3.167210473s ago: executing program 5 (id=996):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x64}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}]}], {0x14}}, 0x7c}}, 0x0)

3.128555876s ago: executing program 4 (id=998):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)=0xffff0018)
ioctl$SNDCTL_DSP_GETISPACE(r0, 0x8010500d, &(0x7f0000000080))

2.863063689s ago: executing program 0 (id=999):
syz_mount_image$xfs(&(0x7f0000009800), &(0x7f0000009840)='./file1\x00', 0x40, &(0x7f0000000100)={[{@pqnoenforce}, {@noquota}, {@usrquota}, {@pqnoenforce}, {@ikeep}, {@prjquota}, {@noikeep}]}, 0x1, 0x98d4, &(0x7f0000013140)="$eJzs3QW4ZXXhcP87w9CNhYEMjUU3BqEggoCElBLSkgJKGIAIAqKApKAIKFIiSIkoSHd3d3d3/J9hZmQcF6j/9/f+8GWt9Tx3zjn77LPvPt/P3vvew76cs+Iiyy40MDDJwPBGXr7ZoS98/OgtX1hop2OvOeL5RQ9f/OgRk8cafjFk6IjLqUZcTj0wMDBoxHIGDZ82eMiJJw0eGGdgYPCoy51g3PEHTTAwsNaImwuMuJx7+MWEV46c7/XR4hUdthqDdh3+NfybDgwMjDvsypMDM68w6nJGrNcs//REpa244KKLvGn1d7dh4zdkxPVRv8Ya/jXhxQMDE140wNvHoHf2Gb3x/SfZ+9yVVn6H1+P/iVZccNHFRvMfti+OMWLa3MP28dH3QWOjb+dD57515DFoEB44/x9pxQUXWWLgrY/zA6u+dtDmr79x3Bw83sDA4PEHBgZPMDAweMKBgcETDQwMnviddqn/s97Rja+qqqrekRZcaPaFhr3eG+33gXFG/l5Lvxeu8upStw4MDIw5fJ7Bc418LVhVVVVVVVVV/50tuNDsC8Pr/0ne7vX/Cae+NGOv/6uqqqqqqqr+32mxBReafdjr+NFe/0/+dq//t7v3uQ1H/O3/3MMf9do7+ySqqqqqqqqq6m1b5stvvP4ff7TX/0Pf7vX/A/Pvct+I+Ub+d4NXR1nkoFH+nuDlUaaPMcr8L40yfcgo00edf6yBgcFDRkx/5c3Jg8cbdt8/zz94kmHrPWL6i6NMn+XN/795yLSjTJ91lOnTjzJ9thHrOmz6DKNMn3OU+Wf8d8a2qqqqqqqqqqqqqqqqqqrqf6vXHj319Dff8/2jA6O8f/vf38d9xN8FDDrujCuueMdW9L+jQf/89xDbvdPr9H/aMOdxjho6MLDx8u/0qtQ70Dv9eQ31zpa/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+Yt7i/P/f3///ykOX2vk/zM/96G7TznRqI9df5Tr4/yvrvU71rv1/P/A+oMGBkb4TjLMdckFl1luxoGBgYmm3P3QOQb+ft88w+6bf7IxRrxBwvC3QZhuCC94uxGfir7diFlHLOO4N5a/2OuHjDFotJUYpUlPPuyw9VZ8fo7RL6d/6+cxeOSV91241cIj38ti8GgzvdV2OnL5I5/L6M4j1n3GYes+8xYbbTrz5ltv86n1N1pj3bXXXXvjeeeee545555r3tlmXmf9DdeeZfi/bzVmQ9/4d5p/Z8wmH33MHl1w1DEb/bm91ZgNffsxe2OJY++12gYjx2z0VftXYzbN24/Z0PVHfKMhQ8ccWP2NsRk0MDBk2jEHthp2Y9axBwaGTDdi3smHzfvpyQYPDOzx5hMddm3sv2+Dg7YbNs+Kiyy70Jsfu//PH7//Fp9nP9bwiyEjhmTIVCMupx7+bSYZeHNTHDzkxJMGD3vu/zDME4w7/qAJBgbWGnFzgRGX846497KR873F56yPtqJvvM3KrsO//u4x7rArxyw98fWjLuctCP4n+v/18/+fvOYZ9PeBGjTia8Q8w70WXHSxN7/XG8OwwMj3hBn2s2WYyf/Bx9j/y/5pfYeO88ab3L7V+r7N++IOf/6wfU3/8NlD/6feF5ePHUu88e/Qf+fYMfD2x44x3rz65tS1L51i9GPH4m+9iv+wX4wco7FHm+mtjh0z7r/gtm8cm97+2LHE+iM+aOjNY8fggYEh04w8dgw7kEw/5sAew27MNuzGDGMOHDHsxuxv3Bh34IxhN2Zac5MN1xr0xtv2jFjuLMOWu8Bkg9548lfMvODRY+z9+uvTjliXWUY7sI7YPoaO+vNxwcmGD9vIx9Jy79hi+H3Tj1jurP/Bckc+lpY7z2bD75thxHJnG225Y7zNckc+duT+MGzWN/aHGQf9wx9+wv67yGj776CRh/VRHjLya6zhXxNePPKzoWB/+Y+OO7T/TvI26/s2n2uF29uwaTsseemp/1Ofa0XrO87br+9bfQ73W67vBuNutdT/wPoOGmV9/2E723S+4dvKjCO2szn/g+135GNHP46N+ca9wxlm/HeOYwv803Fs+zEGj7byo/RWvwOtBfMPvz7535c275FjTDxy7Mccbbn/6negGd/+ODbJ+qM9bpGDBwbRmD/wyGHrjf0vxnzMgX/8XX3kmI987NuN+Qz/POaD/mnM53n7Mf93f++ccZrh94/xNmM+eOfNlxw55mP9h2M+w3865gsMjEFjvscBw8ft7Y6nbzXmIx/7j2M+ZOALAwMD044Y8+n/ne18lv+Z7Xw8mH/49Xv/PunCKU7bbZRjzKD/ZMyn/0/HfOjft/Np37hv6sEDY401sNUaW2yx2azD/x15c7bh//Kx6Il7ho/z2/0sfSujkY99u/1i2n/HaOj/jNGHhvzz/CNfdIy8vfwZx0z6//dYNO1/ZjRokQE+Fp1y/vBxe7vfi95qzEc+ln4ODh3l8aO/rnub96PE5zRs2n7773PLyEWOeFjvR/nv9w+b7cj/xrf+6Af5erfWf/93l7+7/N3l7y5/cW9x/v/v7///wCTLPjziRfKYe8637prv9Pq+w72rz/+P8P2H8/9rrjvfnsNeCo64723Pzw6f57/y/Ozcwy8mvHLkfKOfH+QVfevzszPsNdMyA/8752f/fzVyX/03Xsd3/HeXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/mLe4vz/yP/Rnnoga/es92IE6Fj7rvPmq++0+v7DveuPv8/wvcfzv+/uuY++w4e+Pt9b3v+f/g8jvP/Sx2490kD/8Xn/0fuq53/r39R/u7yd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eUv7i3O/y8w8u8A5lptnV1H/j3AxrN+bsd3en3f4d6t5//7/H9vHf/d5e8uf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+4kac/x8Y7WMdl267wOD8///bvYX/V/LHLP7L5I9Z/JfNH7P4L5c/ZvFfPn/M4v/V/DGL/wr5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvH/Wv6Yxf/r+WMW/1Xzxyz+q+WPWfxXzx+z+K+RP2bx/0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+K+XP2bxXz9/zOL/zfwxi/8G+WMW/w3zxyz+G+WPWfw3zh+z+G+SP2bx3zR/zOL/rfwxi/9m+WMW/83zxyz+W+SPWfy/nT9m8f9O/pjFf8v8MYv/VvljFv+t88cs/tvkj1n8v5s/ZvH/Xv6Yxf/7o/uvuPn/7nr9l2bx/0H7P2bx3zZ/zOK/Xf6YxX/7/DGL/w/zxyz+O+SPWfx/lD9m8d8xf8ziv1P+mMX/x/ljFv+d88cs/rvkj1n8d80fs/j/JH/M4r9b/pjF/6f5Yxb/n+WPWfx3zx+z+O+RP2bx3zN/zOL/8/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOL/i/wxi/8B+WMW/wPzxyz+v8wfs/j/Kn/M4n9Q/pjF/9f5Yxb/g/PHLP6H5I9Z/A/NH7P4/yZ/zOL/2/wxi/9h+WMW/9/lj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi//v88cs/sfkj1n8/5A/ZvE/Nn/M4n9c/pjF/4/5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4v+n/DGL/yn5Yxb/P+ePWfxPzR+z+P8lf8zi/9f8MYv/afljFv/T88cs/n/LH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/q/DGL/zX5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+2Lvdf6wR1+/OH3u3+4/snvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePSfwHDeSPWfwHWf3HePu7Lf6Drf7/Iov/GPljFv8h+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/CfPHLP4T5Y9Z/CfOH7P4T5I/ZvGfNH/M4j9Z/pjF/z35Yxb/9+aPWfzflz9m8X9//pjF/wP5Yxb/yfPHLP4fzB+z+H8of8zi/+H8MYv/R/LHLP5T5I9Z/D+aP2bxnzJ/zOI/NH/M4j9V/pjFf+r8MYv/NPljFv9p88cs/tPlj1n8p88fs/jPkD9m8Z8xf8zi/7H8MYv/x/PHLP6fyB+z+H8yf8zi/6n8MYv/TPljFv+Z88cs/rPkj1n8Z80fs/jPlj9m8Z89f8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOL/6fwxi/9n8scs/p/NH7P4fy5/zOK/QP6YxX/B/DGL/0L5Yxb/hfPHLP6fzx+z+H8hf8ziv0j+mMV/0fwxi/8X88cs/ovlj1n8v5Q/ZvFfPH/M4r9E/pjF/8v5Yxb/JfPHLP5L5Y9Z/JfOH7P4fyV/zOK/TP6YxX/Z/DGL/3L5Yxb/5fPHLP5fzR+z+K+QP2bxXzF/zOK/Uv6YxX/l/DGL/yr5Yxb/r+WPWfy/nj9m8V81f8ziv1r+mMV/9fwxi/8a+WMW/2/kj1n818wfs/ivlT9m8V87f8ziv07+mMV/3fwxi/96+WMW//Xzxyz+38wfs/hvkD9m8d8wf8ziv1H+mMV/4/wxi/8m+WMW/03zxyz+38ofs/hvlj9m8d88f8ziv0X+mMX/2/ljFv/v5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjF/7v5Yxb/7+WPWfy/nz9m8f9B/pjFf9v8MYv/dvljFv/t88cs/j/MH7P475A/ZvH/Uf6YxX/H/DGL/075Yxb/H+ePWfx3zh+z+O+SP2bx3zV/zOL/k/wxi/9u+WMW/5/mj1n8f5Y/ZvHfPX/M4r9H/pjFf8/8MYv/z/PHLP575Y9Z/PfOH7P475M/ZvHfN3/M4r9f/pjFf//8MYv/L/LHLP4H5I9Z/A/MH7P4/zJ/zOL/q/wxi/9B+WMW/1/nj1n8D84fs/gfkj9m8T80f8zi/5v8MYv/b/PHLP6H5Y9Z/H+XP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP6/zx+z+B+TP2bx/0P+mMX/2Pwxi/9x+WMW/z/mj1n8j88fs/ifkD9m8T8xf8zif1L+mMX/5Pwxi/+f8scs/qfkj1n8/5w/ZvE/NX/M4v+X/DGL/1/zxyz+p+WPWfxPzx+z+P8tf8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/ZvF/PX9M4v/G1fz/OYv/oPwxi//g/DGL/xj5Yxb/IfljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMV//Pwxi/8E+WMW/wnzxyz+E+WPWfwnzh+z+E+SP2bxnzR/zOI/Wf6Yxf89+WMW//fmj1n835c/ZvF/f/6Yxf8D+WMW/8nzxyz+H8wfs/h/KH/M4v/h/DGL/0fyxyz+U+SPWfw/mj9m8Z8yf8ziPzR/zOI/Vf6YxX/q/DGL/zT5Yxb/afPHLP7T5Y9Z/KfPH7P4z5A/ZvGfMX/M4v+x/DGL/8fzxyz+n8gfs/h/Mn/M4v+p/DGL/0z5Yxb/mfP/515/XeM/S/6YxX/W/DGL/2z5Yxb/2fPHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/p/OH7P4fyZ/zOL/2fwxi//n8scs/gvkj1n8F8wfs/gvlD9m8V84f8zi//n8MYv/F/LHLP6L5I9Z/BfNH7P4fzF/zOK/WP6Yxf9L+WMW/8Xzxyz+S+SPWfy/nD9m8V8yf8ziv1T+mMV/6fwxi/9X8scs/svkj1n8l80fs/gvlz9m8V8+f8zi/9X8MYv/CvljFv8V88cs/ivlj1n8V84fs/ivkj9m8f9a/pjF/+v5Yxb/VfPHLP6r5Y9Z/FfPH7P4r5E/ZvH/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4r5c/ZvFfP3/M4v/N/DGL/wb5Yxb/DfPHLP4b5Y9Z/Dd+w3/IO7VW/7VZ/Ddp/8cs/pvmj1n8v5U/ZvHfLH/M4r95/pjFf4v8MYv/t/PHLP7fyR+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/3fzxyz+38sfs/h/P3/M4v+D/DGL/7b5Yxb/7fLHLP7b549Z/H+YP2bx3yF/zOL/o/wxi/+O+WMW/53yxyz+P84fs/jvnD9m8d8lf8ziv2v+mMX/J/ljFv/d8scs/j/NH7P4/yx/zOK/e/6YxX+P/DGL/575Yxb/n+ePWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/X+SPWfwPyB+z+B+YP2bx/2X+mMX/V/ljFv+D8scs/r/OH7P4H5w/ZvE/JH/M4n9o/pjF/zf5Yxb/3+aPWfwPyx+z+P8uf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfx/nz9m8T8mf8zi/4f8MYv/sfljFv/j8scs/n/MH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv8/5Y9Z/E/JH7P4/zl/zOJ/av6Yxf8v+WMW/7/mj1n8T8sfs/ifnj9m8f9b/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ/f/6Yxf+B/DGL/4P5Yxb/h/LHLP4P549Z/B/JH7P4P5o/ZvF/LH/M4v94/pjF/4n8MYv/k/ljFv+n8scs/k/nj1n8n8kfs/g/mz9m8X8uf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6YxH+Mgfwxi/+g/DGL/+D8MYv/GPljFv8h+WMW/zHzxyz+Y+WPWfzHzh+z+I+TP2bxHzd/zOI/Xv6YxX/8/DGL/wT5Yxb/CfPHLP4T5Y9Z/CfOH7P4T5I/ZvGfNH/M4j9Z/pjF/z35Yxb/9+b/9157/c3rFv/35Y9Z/N+fP2bx/0D+mMV/8vwxi/8H88cs/h/KH7P4fzh/zOL/kfwxi/8U+WMW/4/mj1n8p8wfs/gPzR+z+E+VP2bxnzp/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/GfMH7P4fyx/zOL/8fwxi/8n8scs/p/MH7P4fyp/zOI/U/6YxX/m/DGL/yz5Yxb/WfPHLP6z5Y9Z/GfPH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/h/On/M4v+Z/DGL/2fzxyz+n8sfs/gvkD9m8V8wf8ziv1D+mMV/4fwxi//n88cs/l/IH7P4L5I/ZvFfNH/M4v/F/DGL/2L5Yxb/L+WPWfwXzx+z+C+RP2bx/3L+mMV/yfwxi/9S+WMW/6Xzxyz+X3nT/6XXh/eOrN5/Wxb/Zdr/MYv/svljFv/l8scs/svnj1n8v5o/ZvFfIX/M4r9i/pjFf6X8MYv/yvljFv9V8scs/l/LH7P4fz1/zOK/av6YxX+1/DGL/+r5Yxb/NfLHLP7fyB+z+K+ZP2bxXyt/zOK/dv6YxX+d/DGL/7r5Yxb/9fLHLP7r549Z/L+ZP2bx3yB/zOK/Yf6YxX+j/DGL/8b5Yxb/TfLHLP6b5o9Z/L+VP2bx3yx/zOK/ef6YxX+L/DGL/7fzxyz+38kfs/hvmT9m8d8qf8ziv3X+mMV/m/wxi/9388cs/t/LH7P4fz9/zOL/g/wxi/+2+WMW/+3yxyz+2+ePWfx/mD9m8d8hf8zi/6P8MYv/jvljFv+d8scs/j/OH7P475w/ZvHfJX/M4r9r/pjF/yf5Yxb/3fLHLP4/zR+z+P8sf8ziv3v+mMV/j/wxi/+e+WMW/5/nj1n898ofs/jvnT9m8d8nf8ziv2/+mMV/v/wxi//++WMW/1/kj1n8D8gfs/gfmD9m8f9l/pjF/1f5Yxb/g/LHLP6/zh+z+B+cP2bxPyR/zOJ/aP6Yxf83+WMW/9/mj1n8D8sfs/j/Ln/M4n94/pjF/4j8MYv/kfljFv+j8scs/kfnj1n8f58/ZvE/Jn/M4v+H/DGL/7H5Yxb/4/LHLP5/zB+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/P+WPWfxPyR+z+P85f8zif2r+mMX/L/ljFv+/5o9Z/E/LH7P4n54/ZvH/W/6Yxf+M/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvE/L3/M4n9+/pjF/4L8MYv/hfljFv+L8scs/hfnj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D9q9R/37e+2+D9m9f8XWfwfzx+z+D+RP2bxfzJ/zOL/VP6Yxf/p/DGL/zP5Yxb/Z/PHLP7P5Y9Z/J/PH7P4v5A/ZvF/MX/M4v9S/pjF/+X8MYv/K/ljFv9X88cs/q/lj1n8X88fk/gPGcgfs/gPyh+z+A/OH7P4j5E/ZvEfkj9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfzHzx+z+E+QP2bxnzB/zOI/Uf6YxX/i/DGL/yT5Yxb/SfPHLP6T5Y9Z/N+TP2bxf2/+mMX/ffljFv/3549Z/D+QP2bxnzx/zOL/wfwxi/+H8scs/h/OH7P4fyR/zOI/Rf6Yxf+j+WMW/ynzxyz+Q/PHLP5T5Y9Z/KfOH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/h/LH7P4fzx/zOL/ifwxi/8n88cs/p/KH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/bPljFv/Z88cs/nPkj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+n84fs/h/Jn/M4v/Z/DGL/+fyxyz+C+SPWfwXzB+z+C+UP2bxXzh/zOL/+fwxi/8X8scs/ovkj1n8F80fs/h/MX/M4r9Y/pjF/0v5Yxb/xfPHLP5L5I9Z/L+cP2bxXzJ/zOK/VP6YxX/p/DGL/1fyxyz+y+SPWfyXzR+z+C+XP2bxXz5/zOL/1fwxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bx/1r+mMX/6/ljFv9V88cs/qvlj1n8V88fs/ivkT9m8f9G/pjFf838MYv/WvljFv+188cs/uvkj1n8180fs/ivlz9m8V8/f8zi/838MYv/BvljFv8N88cs/hvlj1n8N84fs/hvkj9m8d80f8zi/638MYv/ZvljFv/N88cs/lvkj1n8v50/ZvH/Tv6YxX/L/DGL/1b5Yxb/rfPHLP7b5I9Z/L+bP2bx/17+mMX/+/ljFv8f5I9Z/LfNH7P4b5c/ZvHfPn/M4v/D/DGL/w75Yxb/H+WPWfx3zB+z+O+UP2bx/3H+mMV/5/wxi/8u+WMW/13zxyz+P8kfs/jvlj9m8f9p/pjF/2f5Yxb/3fPHLP575I9Z/PfMH7P4/zx/zOK/V/6YxX/v/DGL/z75Yxb/ffPHLP775Y9Z/PfPH7P4/yJ/zOJ/QP6Yxf/A/DGL/y/zxyz+v8ofs/gflD9m8f91/pjF/+D8MYv/IfljFv9D88cs/r/JH7P4/zZ/zOJ/WP6Yxf93+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOL/+/wxi/8x+WMW/z/kj1n8j80fs/gflz9m8f9j/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/j/KX/M4n9K/pjF/8/5Yxb/U/PHLP5/yR+z+P81f8zif1r+mMX/9Pwxi//f8scs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHJP5jDuSPWfwH5Y9Z/Afnj1n8x8gfs/gPyR+z+I+ZP2bxHyt/zOI/dv6YxX+c/DGL/7j5Yxb/8fLHLP7j549Z/CfIH7P4T5g/ZvGfKH/M4j9x/pjFf5L8MYv/pPljFv/J8scs/u/JH7P4vzd/zOL/vvwxi//788cs/h/IH7P4T54/ZvH/YP6Yxf9D+WMW/w/nj1n8P5I/ZvGfIn/M4v/R/DGL/5T5Yxb/ofljFv+p8scs/lPnj1n8p8kfs/hPmz9m8Z8uf8ziP33+mMV/hvwxi/+M+WMW/4/lj1n8P54/ZvH/RP6Yxf+T+WMW/0/lj1n8Z8ofs/jPnD9m8Z8lf8ziP2v+mMV/tvwxi//s+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/T+ePWfw/kz9m8f9s/pjF/3P5Yxb/BfLHLP4L5o9Z/BfKH7P4L5w/ZvH/fP6Yxf8L+WMW/0Xyxyz+i+aPWfy/mD9m8V8sf8zi/6X8MYv/4vljFv8l8scs/l/OH7P4L5k/ZvFfKn/M4r90/pjF/yv5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvH/av6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/FfJH7P4fy1/zOL/9fwxi/+q+WMW/9Xyxyz+q+ePWfzXyB+z+H8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+K+fP2bx/2b+mMV/g/wxi/+G+WMW/43yxyz+G+ePWfw3yR+z+G+aP2bx/1b+mMV/s/wxi//m+WMW/y3yxyz+384fs/h/J3/M4r9l/pjFf6v8MYv/1vljFv9t8scs/t/NH7P4fy9/zOL//fwxi/8P8scs/tvmj1n8t8sfs/hvnz9m8f9h/pjFf4f8MYv/j/LHLP475o9Z/HfKH7P4/zh/zOK/c/6YxX+X/DGL/675Yxb/n+SPWfx3yx+z+P80f8zi/7P8MYv/7vljFv898scs/nvmj1n8f54/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8f5E/ZvE/IH/M4n9g/pjF/5f5Yxb/X+WPWfwPyh+z+P86f8zif3D+mMX/kPwxi/+h+WMW/9/kj1n8f5s/ZvE/LH/M4v+7/DGL/+H5Yxb/I/LHLP5H5o9Z/I/KH7P4H50/ZvH/ff6Yxf+Y/DGL/x/yxyz+x+aPWfyPyx+z+P8xf8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfz/lD9m8T8lf8zi/+f8MYv/qfljFv+/5I9Z/P+aP2bxPy1/zOJ/ev6Yxf9v+WMW/zPyxyz+Z+aPWfzPyh+z+J+dP2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/hfnT9m8b8mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYv/6/ljEv+xBvLHLP6D8scs/oPzxyz+Y+SPWfyH5I9Z/MfMH7P4j5U/ZvEfO3/M4j9O/pjFf9z8MYv/ePljFv/x88cs/hPkj1n8J8wfs/hPlD9m8Z84f8ziP0n+mMV/0vwxi/9k+WMW//fkj1n835s/ZvF/X/6Yxf/9+WMW/w/kj1n8J88fs/h/MH/M4v+h/DGL/4fzxyz+H8kfs/hPkT9m8f9o/pjFf8r8MYv/0Pwxi/9U+WMW/6nzxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/8fyxyz+H88fs/h/In/M4v/J/DGL/6fyxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOI/W/6YxX/2/DGL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/p/PHLP6fyR+z+H82f8zi/7n8MYv/AvljFv8F88cs/gvlj1n8F84fs/h/Pn/M4v+F/DGL/yL5Yxb/RfPHLP5fzB+z+C+WP2bx/1L+mMV/8fwxi/8S+WMW/y/nj1n8l8wfs/gvlT9m8V86f8zi/5X8MYv/MvljFv9l88cs/svlj1n8l88fs/h/NX/M4r9C/pjFf8X8MYv/SvljFv+V88cs/qvkj1n8v5Y/ZvH/ev6YxX/V/DGL/2r5Yxb/1fPHLP5r5I9Z/L+RP2bxXzN/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP7r5Y9Z/NfPH7P4fzN/zOK/Qf6YxX/D/DGL/0b5Yxb/jfPHLP6b5I9Z/DfNH7P4fyt/zOK/Wf6YxX/z/DGL/xb5Yxb/b+ePWfy/kz9m8d8yf8ziv1X+mMV/6/wxi/82+WMW/+/mj1n8v5c/ZvH/fv6Yxf8H+WMW/23zxyz+2+WPWfy3zx+z+P8wf8ziv0P+mMX/R/ljFv8d88cs/jvlj1n8f5w/ZvHfOX/M4r9L/pjFf9f8MYv/T/LHLP675Y9Z/H+aP2bx/1n+mMV/9/wxi/8e+WMW/z3zxyz+P88fs/jvlT9m8d87f8ziv0/+mMV/3/wxi/9++WMW//3zxyz+v8gfs/gfkD9m8T8wf8zi/8v8MYv/r/LHLP4H5Y9Z/H+dP2bxPzh/zOJ/SP6Yxf/Q/DGL/2/yxyz+v80fs/gflj9m8f9d/pjF//D8MYv/EfljFv8j88cs/kflj1n8j84fs/j/Pn/M4n9M/pjF/w/5Yxb/Y/PHLP7H5Y9Z/P+YP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP5/yh+z+J+SP2bx/3P+mMX/1Pwxi/9f8scs/n/NH7P4n5Y/ZvE/PX/M4v+3/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv8L88cs/hflj1n8L84fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxif/YA/ljFv9B+WMW/8H5Yxb/MfLHLP5D8scs/mPmj1n8x8ofs/iPnT9m8R8nf8ziP27+mMV/vPwxi//4+WMW/wnyxyz+E+aPWfwnyh+z+E+cP2bxnyR/zOI/af6YxX+y/DGL/3vyxyz+780fs/i/L3/M4v/+/DGL/wfyxyz+k+ePWfw/mD9m8f9Q/pjF/8P5Yxb/j+SPWfynyB+z+H80f8ziP2X+mMV/aP6YxX+q/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4j9j/pjF/2P5Yxb/j+ePWfw/kT9m8f9k/pjF/1P5Yxb/mfLHLP4z549Z/GfJH7P4z5o/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMX/0/ljFv/P5I9Z/D+bP2bx/1z+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfw/nz9m8f9C/pjFf5H8MYv/ovljFv8v5o9Z/BfLH7P4fyl/zOK/eP6YxX+J/DGL/5fzxyz+S+aPWfyXyh+z+C+dP2bx/0r+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfy/mj9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+X8sfs/h/PX/M4r9q/pjFf7X8MYv/6vljFv818scs/t/IH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8v5k/ZvHfIH/M4r9h/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8v5U/ZvHfLH/M4r95/pjFf4v8MYv/t/PHLP7fyR+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/3fzxyz+38sfs/h/P3/M4v+D/KEvjm/x3zZ/zOK/Xf6YxX/7/DGL/w/zxyz+O+SPWfx/lD9m8d8xf8ziv1P+mMX/x/ljFv+d88cs/rvkj1n8d80fs/j/JH/M4r9b/pjF/6f5Yxb/n+WPWfx3zx+z+O+RP2bx3zN/zOL/8/wxi/9e+WMW/73zxyz+++SPWfz3zR+z+O+XP2bx3z9/zOL/i/wxi/8B+WMW/wPzxyz+v8wfs/j/Kn/M4n9Q/pjF/9f5Yxb/g/PHLP6H5I9Z/A/NH7P4/yZ/zOL/2/wxi/9h+WMW/9/lj1n8D88fs/gfkT9m8T8yf8zif1T+mMX/6Pwxi//v88cs/sfkj1n8/5A/ZvE/Nn/M4n9c/pjF/4/5Yxb/4/PHLP4n5I9Z/E/MH7P4n5Q/ZvE/OX/M4v+n/DGL/yn5Yxb/P+ePWfxPzR+z+P8lf8zi/9f8MYv/afljFv/T88cs/n/LH7P4n5E/ZvE/M3/M4n9W/pjF/+z8MYv/OfljFv9z88cs/uflj1n8z88fs/hfkD9m8b8wf8zif1H+mMX/4vwxi/8l+WMW/0vzxyz+l+WPWfwvzx+z+F+RP2bxvzJ/zOJ/Vf6Yxf/q/DGL/zX5Yxb/a/PHLP7X5Y9Z/K/PH7P435A/ZvG/MX/M4n9T/pjF/+b8MYv/LfljFv9b88cs/rflj1n8b88fs/jfkT9m8b8zf8zif1f+mMX/7vwxi/89+WMW/3vzxyz+9+WPWfzvzx+z+D+QP2bxfzB/zOL/UP6Yxf/h/DGL/yP5Yxb/R/PHLP6P5Y9Z/B/PH7P4P5E/ZvF/Mn/M4v9U/pjF/+n8MYv/M/ljFv9n88cs/s/lj1n8n88fs/i/kD9m8X8xf8zi/1L+mMX/5fwxi/8r+WMW/1fzxyz+r+WPWfxfzx+T+I8zkD9m8R+UP2bxH5w/9o/+Yw+8W/3HyB+z7P9D8scs/mPmj1n8x8ofs/iPnT9m8R8nf8ziP27+mMV/vPwxi//4+WMW/wnyxyz+E+aPWfwnyh+z+E+cP2bxnyR/zOI/af6YxX+y/DGL/3vyxyz+780fs/i/L3/M4v/+/DGL/wfyxyz+k+ePWfw/mD9m8f9Q/pjF/8P5Yxb/j+SPWfynyB+z+H80f8ziP2X+mMV/aP6YxX+q/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4j9j/pjF/2P5Yxb/j+ePWfw/kT9m8f9k/pjF/1P5Yxb/mfLHLP4z549Z/GfJH7P4z5o/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMX/0/ljFv/P5I9Z/D+bP2bx/1z+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfw/nz9m8f9C/pjFf5H8MYv/ovljFv8v5o9Z/BfLH7P4fyl/zOK/eP6YxX+J/DGL/5fzxyz+S+aPWfyXyh+z+C+dP2bx/0r+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfy/mj9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+X8sfs/h/PX/M4r9q/pjFf7X8MYv/6vljFv818scs/t/IH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8v5k/ZvHfIH/M4r9h/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8v5U/ZvHfLH/M4r95/pjFf4v8MYv/t/PHLP7fyR+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/3fzxyz+38sfs/h/P3/M4v+D/DGL/7b5Yxb/7fLHLP7b549Z/H+YP2bx3yF/zOL/o/wxi/+O+WMW/53yxyz+P84fs/jvnD9m8d8lf8ziv2v+mMX/J/ljFv/d8scs/j/NH7P4/yx/zOK/e/6YxX+P/DGL/575Yxb/n+ePWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/X+SPWfwPyB+z+B+Y/z83xOP/y/wxi/+v8sfepf6DBga2G3XqOAflj71L/d9o1P3/1/ljFv+D88cs/ofkj1n8D80fs/j/Jn/M4v/b/DGL/2H5Yxb/3+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/+/zxyz+x+SPWfz/kD9m8T82f8zif1z+mMX/j/ljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zi/6f8MYv/KfljFv8/549Z/E/NH7P4/yV/zOL/1/wxi/9p+WMW/9Pzxyz+f8sfs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH5P4jzuQP2bxH5Q/ZvEfnD9m8R8jf8ziPyR/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4j58/ZvGfIH/M4j9h/pjFf6L8MYv/xPljFv9J8scs/pPmj1n8J8sfs/i/J3/M4v/e/DGL//vyxyz+788fs/h/IH/M4j95/pjF/4P5Yxb/D+WPWfw/nD9m8f9I/pjFf4r8MYv/R/PHLP5T5o9Z/Ifmj1n8p8ofs/hPnT9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfw/lj9m8f94/pjF/xP5Yxb/T+aPWfw/lT9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/9nyxyz+s+ePWfznyB+z+M+ZP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/+fLHLP7z549Z/D+dP2bx/0z+mMX/s/ljFv/P5Y9Z/BfIH7P4L5g/ZvFfKH/M4r9w/pjF//P5Yxb/L+SPWfwXyR+z+C+aP2bx/2L+mMV/sfwxi/+X/h3/wf8X1+u/NIv/4u3/mMV/ifwxi/+X88cs/kvmj1n8l8ofs/gvnT9m8f9K/pjFf5n8MYv/svlj72L/UbnHXS5/7F3s/w/7//L5Yxb/r+aPWfxXyB+z+K+YP2bxXyl/zOK/cv6YxX+V/DGL/9fyxyz+X88fs/ivmj9m8V8tf8ziv3r+mMV/jfwxi/838scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMV/vfwxi//6+WMW/2/mj1n8N8gfs/hvmD9m8d8of8ziv3H+mMV/k/wxi/+m+WMW/2/lj1n8N8sfs/hvnj9m8d8if8zi/+38MYv/d/LHLP5b5o9Z/LfKH3uX+r9BPar/1vlj71L/NxrVf5v8MYv/d/PHLP7fyx+z+H/f5/9vfZqNxf8HPv9/K4v/tvljFv/t8scs/tvnj1n8f5g/ZvHfIX/M4v+j/DGL/475Yxb/nfLHLP4/zh+z+O+cP2bx3yV/zOK/a/6Yxf8n+WMW/93yxyz+P80fs/j/LH/M4r97/pjFf4/8MYv/nvljFv+f549Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv9fvK2/d8uw+B+gVn7rLP4H5o9Z/H+ZP2bx/1X+mMX/oPwxi/+v88cs/gfnj1n8D8kfs/gfmj9m8f9N/pjF/7f5Yxb/w/LHLP6/yx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/3+ePWfyPyR+z+P8hf8zif2z+mMX/uPwxi/8f88cs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/T/ljFv9T8scs/n/OH7P4n5o/ZvH/S/6Yxf+v+WMW/9Pyxyz+p+ePWfz/lj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxvyx+z+N+eP2bxvyN/zOJ/Z/6Yxf+u/DGL/935Yxb/e/5N/3H+b63Xf2kW/3vb/zGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHJP7jDeSPWfwH5Y9Z/Afnj1n8x8gfs/gPyR+z+I+ZP2bxHyt/zOI/dv6YxX+c/DGL/7j5Yxb/8fLHLP7j549Z/CfIH7P4T5g/ZvGfKH/M4j9x/pjFf5L8MYv/pPljFv/J8scs/u/JH7P4vzd/zOL/vvwxi//788cs/h/IH7P4T54/ZvH/YP6Yxf9D+WMW/w/nj1n8P5I/ZvGfIn/M4v/R/DGL/5T5Yxb/ofljFv+p8scs/lPnj1n8p8kfs/hPmz9m8Z8uf8ziP33+mMV/hvwxi/+M+WMW/4/lj1n8P54/ZvH/RP6Yxf+T+WMW/0/lj1n8Z8ofs/jPnD9m8Z8lf8ziP2v+mMV/tvwxi//s+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/T+ePWfw/kz9m8f9s/pjF/3P5Yxb/BfLHLP4L5o9Z/BfKH7P4L5w/ZvH/fP6Yxf8L+WMW/0Xyxyz+i+aPWfy/mD9m8V8sf8zi/6X8MYv/4vljFv8l8scs/l/OH7P4L5k/ZvFfKn/M4r90/pjF/yv5Yxb/ZfLHLP7L5o9Z/JfLH7P4L58/ZvH/av6YxX+F/DGL/4r5Yxb/lfLHLP4r549Z/FfJH7P4fy1/zOL/9fwxi/+q+WMW/9Xyxyz+q+ePWfzXyB+z+H8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfzXyx+z+K+fP2bx/2b+mMV/g/wxi/+G+WMW/43yxyz+G+ePWfw3yR+z+G+aP2bx/1b+mMV/s/wxi//m+WMW/y3yxyz+384fs/h/J3/M4r9l/pjFf6v8MYv/1vljFv9t8scs/t/NH7P4fy9/zOL//fwxi/8P8scs/tvmj1n8t8sfs/hvnz9m8f9h/pjFf4f8MYv/j/LHLP475o9Z/HfKH7P4/zh/zOK/c/6YxX+X/DGL/675Yxb/n+SPWfx3yx+z+P80f8zi/7P8MYv/7vljFv898scs/nvmj1n8f54/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8f5E/ZvE/IH/M4n9g/pjF/5f5Yxb/X+WPWfwPyh+z+P86f8zif3D+mMX/kPwxi/+h+WMW/9/kj1n8f5s/ZvE/LH/M4v+7/DGL/+H5Yxb/I/LHLP5H5o9Z/I/KH7P4H50/ZvH/ff6Yxf+Y/DGL/x/yxyz+x+aPWfyPyx+z+P8xf8zif3z+mMX/hPwxi/+J+WNv+g8a8m72Pyl/zLL/n5w/ZvH/U/6Yxf+U/DGL/5/zxyz+p+aPWfz/kj9m8f9r/pjF/7T8MYv/6fljFv+/5Y9Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePSfzHH8gfs/gPyh+z+A/OH7P4j5E/ZvEfkj9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfzHzx+z+E+QP2bxnzB/zOI/Uf6YxX/i/DGL/yT5Yxb/SfPHLP6T5Y9Z/N+TP2bxf2/+mMX/ffljFv/3549Z/D+QP2bxnzx/zOL/wfwxi/+H8scs/h/OH7P4fyR/zOI/Rf6Yxf+j+WMW/ynzxyz+Q/PHLP5T5Y9Z/KfOH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/h/LH7P4fzx/zOL/ifwxi/8n88cs/p/KH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/bPljFv/Z88cs/nPkj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+n84fs/h/Jn/M4v/Z/DGL/+fyxyz+C+SPWfwXzB+z+C+UP2bxXzh/zOL/+fwxi/8X8scs/ovkj1n8F80fs/h/MX/M4r9Y/pjF/0v5Yxb/xfPHLP5L5I9Z/L+cP2bxXzJ/zOK/VP6YxX/p/DGL/1fyxyz+y+SPWfyXzR+z+C+XP2bxXz5/zOL/1fwxi/8K+WMW/xXzxyz+K+WPWfxXzh+z+K+SP2bx/1r+mMX/6/ljFv9V88cs/qvlj1n8V88fs/ivkT9m8f9G/pjFf838MYv/WvljFv+188cs/uvkj1n8180fs/ivlz9m8V8/f8zi/838MYv/BvljFv8N88cs/hvlj1n8N84fs/hvkj9m8d80f8zi/638MYv/ZvljFv/N88cs/lvkj1n8v50/ZvH/Tv6YxX/L/DGL/1b5Yxb/rfPHLP7b5I9Z/L+bP2bx/17+mMX/+/ljFv8f5I9Z/LfNH7P4b5c/ZvHfPn/M4v/D/DGL/w75Yxb/H+WPWfx3zB+z+O+UP2bx/3H+mMV/5/wxi/8u+WMW/13zxyz+P8kfs/jvlj9m8f9p/pjF/2f5Yxb/3fPHLP575I9Z/PfMH7P4/zx/zOK/V/6YxX/v/DGL/z75Yxb/ffPHLP775Y9Z/PfPH7P4/yJ/zOJ/QP6Yxf/A/DGL/y/zxyz+v8ofs/gflD9m8f91/pjF/+D8MYv/IfljFv9D88cs/r/JH7P4/zZ/zOJ/WP6Yxf93+WMW/8Pzxyz+R+SPWfyPzB+z+B+VP2bxPzp/zOL/+/wxi/8x+WMW/z/kj1n8j80fs/gflz9m8f9j/pjF//j8MYv/CfljFv8T88cs/iflj1n8T84fs/j/KX/M4n9K/pjF/8/5Yxb/U/PHLP5/yR+z+P81f8zif1r+mMX/9Pwxi//f8scs/mfkj1n8z8wfs/iflT9m8T87f8zif07+mMX/3Pwxi/95+WMW//Pzxyz+F+SPWfwvzB+z+F+UP2bxvzh/zOJ/Sf6Yxf/S/DGL/2X5Yxb/y/PHLP5X5I9Z/K/MH7P4X5U/ZvG/On/M4n9N/pjF/9r8MYv/dfljFv/r88cs/jfkj1n8b8wfs/jflD9m8b85f8zif0v+mMX/1vwxi/9t+WMW/9vzxyz+d+SPWfzvzB+z+N+VP2bxvzt/zOJ/T/6Yxf/e/DGL/335Yxb/+/PHLP4P5I9Z/B/MH7P4P5Q/ZvF/OH/M4v9I/pjF/9H8MYv/Y/ljFv/H88cs/k/kj1n8n8wfs/g/lT9m8X86f8zi/0z+mMX/2fwxi/9z+WMW/+fzxyz+L+SPWfxfzB+z+L+UP2bxfzl/zOL/Sv6Yxf/V/DGL/2v5Yxb/1/PHJP4TDOSPWfwH5Y9Z/Afnj1n8x8gfs/gPyR+z+I+ZP2bxHyt/zOI/dv6YxX+c/DGL/7h6/8E41eI/nt6fs/iPnz9m8Z8gf8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+k+aPWfwnyx+z+L8nf8zi/978MYv/+/LHLP7vzx+z+H8gf8ziP3n+mMX/g/ljFv8P5Y9Z/D+cP2bx/0j+mMV/ivwxi/9H88cs/lPmj1n8h+aPWfynyh+z+E+dP2bxnyZ/zOI/bf6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/D+WP2bx/3j+mMX/E/ljFv9P5o9Z/D+VP2bxnyl/zOI/c/6YxX+W/DGL/6z5Yxb/2fLHLP6z549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8P50/ZvH/TP6Yxf+z+WMW/8/lj1n8F8gfs/gvmD9m8V8of8ziv3D+mMX/8/ljFv8v5I9Z/BfJH7P4L5o/ZvH/Yv6YxX+x/DGL/5fyxyz+i+ePWfyXyB+z+H85f8ziv2T+mMV/qfwxi//S+WMW/6/kj1n8l8kfs/gvmz9m8V8uf8ziv3z+mMX/q/ljFv8V8scs/ivmj1n8V8ofs/ivnD9m8V8lf8zi/7X8MYv/1/PHLP6r5o9Z/FfLH7P4r54/ZvFfI3/M4v+N/DGL/5r5Yxb/tfLHLP5r549Z/NfJH7P4r5s/ZvFfL3/M4r9+/pjF/5v5Yxb/DfLHLP4b5o9Z/DfKH7P4b5w/ZvHfJH/M4r9p/pjF/1v5Yxb/zfLHLP6b549Z/LfIH7P4fzt/zOL/nfwxi/+W+WMW/63yxyz+W+ePWfy3yR+z+H83f8zi/738MYv/9/PHLP4/yB+z+G+bP2bx3y5/zOK/ff6Yxf+H+WMW/x3yxyz+P8ofs/jvmD9m8d8pf8zi/+P8MYv/zvljFv9d8scs/rvmj1n8f5I/ZvHfLX/M4v/T/DGL/8/yxyz+u+ePWfz3yB+z+O+ZP2bx/3n+mMV/r/wxi//e+WMW/33yxyz+++aPWfz3yx+z+O+fP2bx/0X+mMX/gPwxi/+B+WMW/1/mj1n8f5U/ZvE/KH/M4v/r/DGL/8H5Yxb/Q/LHLP6H5o9Z/H+TP2bx/23+mMX/sPwxi//v8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/9/ljFv9j8scs/n/IH7P4H5s/ZvE/Ln/M4v/H/DGL//H5Y2/6jzvwbvY/IX/Msv+fmD9m8T8pf8zif3L+mMX/T/ljFv9T8scs/n/OH7P4n5o/ZvH/S/6Yxf+v+WMW/9Pyxyz+p+ePWfz/lj9m8T8jf8zif2b+mMX/rH/p/9r/3fX6L83if3b7P2bxPyd/zOJ/bv6Yxf+8/DGL//n5Yxb/C/LHLP4X5o9Z/C/KH7P4X5w/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/hfnT9m8b8mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4vyzyH/IfzGvxf0Xk/59k8X81f8zi/1r+mMX/9fwxif+EA/ljFv9B+WMW/8H5Yxb/MfLHLP5D8scs/mPmj1n8x8ofs/iPnT9m8R8nf8ziP27+mMV/vPwxi//4+WMW/wnyxyz+E+aPWfwnyh+z+E+cP2bxnyR/zOI/af6YxX+y/DGL/3vyxyz+780fs/i/L3/M4v/+/DGL/wfyxyz+k+ePWfw/mD9m8f9Q/pjF/8P5Yxb/j+SPWfynyB+z+H80f8ziP2X+mMV/aP6YxX+q/DGL/9T5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4j9j/pjF/2P5Yxb/j+ePWfw/kT9m8f9k/pjF/1P5Yxb/mfLHLP4z549Z/GfJH7P4z5o/ZvGfLX/M4j97/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMX/0/ljFv/P5I9Z/D+bP2bx/1z+mMV/gfwxi/+C+WMW/4Xyxyz+C+ePWfw/nz9m8f9C/pjFf5H8MYv/ovljFv8v5o9Z/BfLH7P4fyl/zOK/eP6YxX+J/DGL/5fzxyz+S+aPWfyXyh+z+C+dP2bx/0r+mMV/mfwxi/+y+WMW/+Xyxyz+y+ePWfy/mj9m8V8hf8ziv2L+mMV/pfwxi//K+WMW/1Xyxyz+X8sfs/h/PX/M4r9q/pjFf7X8MYv/6vljFv818scs/t/IH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv/18scs/uvnj1n8v5k/ZvHfIH/M4r9h/pjFf6P8MYv/xvljFv9N8scs/pvmj1n8v5U/ZvHfLH/M4r95/pjFf4v8MYv/t/PHLP7fyR+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/3fzxyz+38sfs/h/P3/M4v+D/DGL/7b5Yxb/7fLHLP7b549Z/H+YP2bx3yF/zOL/o/wxi/+O+WMW/53yxyz+P84fs/jvnD9m8d8lf8ziv2v+mMX/J/ljFv/d8scs/j/NH7P4/yx/zOK/e/6YxX+P/DGL/575Yxb/n+ePWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/X+SPWfwPyB+z+B+YP2bx/2X+mMX/V/ljFv+D8scs/r/OH7P4H5w/9m70HzQwsN3AaP6H5I+9G/1p/z80f8zi/5v8MYv/b/PHLP6H5Y9Z/H+XP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP6/zx+z+B+TP2bx/0P+mMX/2Pwxi/9x+WMW/z/mj1n8j88fs/ifkD9m8T8xf8zif1L+mMX/5Pwxi/+f8scs/qfkj1n8/5w/ZvE/NX/M4v+X/DGL/1/zxyz+p+WPWfxPzx+z+P8tf8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/8r8MYv/VfljFv+r88cs/tfkj1n8r80fs/hflz9m8b8+f8zif0P+mMX/xvwxi/9N+WMW/5vzxyz+t+SPWfxvzR+z+N+WP2bxvz1/zOJ/R/6Yxf/O/DGL/135Yxb/u/PHLP735I9Z/O/NH7P435c/ZvG/P3/M4v9A/pjF/8H8MYv/Q/ljFv+H88cs/o/kj1n8H80fs/g/lj9m8X88f8zi/0T+mMX/yfwxi/9T+WMW/6fzxyz+z+SPWfyfzR+z+D+XP2bxfz5/zOL/Qv6Yxf/F/DGL/0v5Yxb/l/PHLP6v5I9Z/F/NH7P4v5Y/ZvF/PX9M4j/RQP6YxX9Q/pjFf3D+mMV/jPwxi/+Q/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4j9+/pjFf4L8MYv/hPljFv+J8scs/hPnj1n8J8kfs/hPmj9m8Z8sf8zi/578MYv/e/PHLP7vyx+z+L8/f8zi/4H8MYv/5PljFv8P5o9Z/D+UP2bx/3D+mMX/I/ljFv8p8scs/h/NH7P4T5k/ZvEfmj9m8Z8qf8ziP3X+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/1j+mMX/4/ljFv9P5I9Z/D+ZP2bx/1T+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfxnyx+z+M+eP2bxnyN/zOI/Z/6YxX+u/DGL/9z5Yxb/efLHLP7z5o9Z/OfLH7P4z58/ZvH/dP6Yxf8z+WMW/8/mj1n8P5c/ZvFfIH/M4r9g/pjFf6H8MYv/wvljFv/P549Z/L+QP2bxXyR/zOK/aP6Yxf+L+WMW/8Xyxyz+X8ofs/gvnj9m8V8if8zi/+X8MYv/kvljFv+l8scs/kvnj1n8v5I/ZvFfJn/M4r9s/pjFf7n8MYv/8vljFv+v5o9Z/FfIH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/1/LHLP5fzx+z+K+aP2bxXy1/zOK/ev6YxX+N/DGL/zfyxyz+a+aPWfzXyh+z+K+dP2bxXyd/zOK/bv6YxX+9/DGL//r5Yxb/b+aPWfw3yB+z+G+YP2bx3yh/zOK/cf6YxX+T/DGL/6b5Yxb/b+WPWfw3yx+z+G+eP2bx3yJ/zOL/7fwxi/938scs/lvmj1n8t8ofs/hvnT9m8d8mf8zi/938MYv/9/LHLP7fzx+z+P8gf8ziv23+mMV/u/wxi//2+WMW/x/mj1n8d8gfs/j/KH/M4r9j/pjFf6f8MYv/j/PHLP47549Z/HfJH7P475o/ZvH/Sf6YxX+3/DGL/0/zxyz+P8sfs/jvnj9m8d8jf8ziv2f+mMX/5/ljFv+98scs/nvnj1n898kfs/jvmz9m8d8vf8ziv3/+mMX/F/ljFv8D8scs/gfmj1n8f5k/ZvH/Vf6Yxf+g/DGL/6/zxyz+B+ePWfwPyR+z+B+aP2bx/03+mMX/t/ljFv/D8scs/r/LH7P4H54/ZvE/In9sNP/j363+R+aPWfb/o/LHLP5H549Z/H+fP2bxPyZ/zOL/h/wxi/+x+WMW/+Pyxyz+f8wfs/gfnz9m8T8hf8zif2L+2Cj+g97N/iflj1n2/5Pzxyz+f8ofs/ifkj9m8f9z/pjF/9T8MYv/X/LHLP5/zR+z+J+WP2bxPz1/zOL/t/wxi/8Z+WMW/zPzxyz+Z+WPWfzPzh+z+J+TP2bxPzd/zOJ/Xv6Yxf/8/DGL/wX5Yxb/C/PHLP4X5Y9Z/C/OH7P4X5I/ZvG/NH/M4n9Z/pjF//L8MYv/FfljFv8r88cs/lflj1n8r84fs/hfkz9m8b82f8zif13+mMX/+vwxi/8N+WMW/xvzxyz+N+WPWfxvzh+z+N+SP2bxvzV/zOJ/W/6Yxf/2/DGL/x35Yxb/O/PHLP535Y9Z/O/OH7P435M/ZvG/N3/M4n8f+Y/9v7he/6VZ/O9v/8cs/g/kj1n8H8wfs/g/lD9m8X84f8zi/0j+mMX/0fwxi/9j+WMW/8fzxyz+T+SPWfyfzB+z+D+VP2bxfzp/zOL/TP6Yxf/Z/DGL/3P5Yxb/5/PHLP4v5I9Z/F/MH7P4v/RW/kP+l9brvzSL/8vt/5jF/5X8MYv/q/ljFv/X8scs/q/nj0n8Jx7IH7P4/3/s3HuUXXV5x+E9k98kIUACpVoDBmNCICCQkAAhIpeAAkOSAS8oRBKIEC4lgRSiCVQh4gVtlaJUpbYKchEoAgpFSy00SimFikVFbYultEipVagoBVqVdA2ZiZnxZRazs7tZ5n2ePzJzzvgeIZ+1/OZM1tihfyhL/079Q1n6j9A/lKV/0T+UpX+X/qEs/UfqH8rSf5T+oSz9R+sfytJ/M/1DWfqP0T+Upf/m+oey9N9C/1CW/lvqH8rSf6z+oSz9x+kfytJ/K/1DWfpvrX8oS//f0D+Upf82+oey9P9N/UNZ+r9E/1CW/i/VP5Sl/2/pH8rS/2X6h7L0H69/KEv/bfUPZem/nf6hLP1frn8oS/8J+oey9N9e/1CW/q/QP5Sl/0T9Q1n6v1L/UJb+k/QPZek/Wf9Qlv476B/K0n+K/qEs/XfUP5Sl/076h7L0n6p/KEv/nfUPZem/i/6hLP1fpX8oS/9d9Q9l6b+b/qEs/XfXP5Sl/zT9Q1n6T9c/lKX/HvqHsvSfoX9oU+8/ct2n42bqH9rU+/cZt6f+oSz999I/lKX/3vqHsvSfpX8oS/999A9l6T9b/1CW/q/WP5Sl/776h7L0f43+oSz999M/lKX//vqHsvQ/QP9Qlv4H6h/K0n+O/qEs/Q/SP5Sl/8H6h7L0f63+oSz9X6d/KEv/Q/QPZel/qP6hLP0P0z+UpX+3/qEs/Q/XP5Sl/1z9Q1n6z9M/lKX/fP1DWfr36B/K0v8I/UNZ+h+pfyhL/9frH8rS/w36h7L0f6P+oSz936R/KEv/o/QPZen/Zv1DWfq/Rf9Qlv5H6x/K0v8Y/UNZ+i/QP5Sl/1v1D2Xpf6z+oSz9F+ofytJ/kf6hLP2P0z+Upf/x+oey9F+sfyhL/7fpH8rS/wT9Q1n6n6h/KEv/JfqHsvQ/Sf9Qlv4n6x/K0v8U/UNZ+p+qfyhL/9/WP5Sl/2n6h7L0X6p/KEv/ZfqHsvQ/Xf9Qlv5n6B/K0n+5/qEs/X9H/1CW/mfqH8rS/yz9Q1n6r9A/lKX/2/UPZen/Dv1DWfqv1D+Upf8q/UNZ+p+tfyhL/3P0D2Xp/7v6h7L0f6f+oSz936V/KEv/c/UPZel/nv6hLP1X6x/K0v/d+oey9D9f/1CW/u/RP5Sl/3v1D2Xp/z79Q1n6v1//UJb+F+gfytL/A/qHsvT/oP6hLP1/T/9Qlv6/r38oS/8P6R/K0v/D+oey9L9Q/1CW/n+gfyhL/4v0D2Xp/xH9Q1n6f1T/UJb+F+sfytL/D/UPZen/Mf1DWfp/XP9Qlv6f0D+Upf8l+oey9P8j/UNZ+n9S/1CW/n+sfyhL/z/RP5Sl/6f0D2Xp/2n9Q1n6X6p/KEv/y/QPZen/Gf1DWfpfrn8oS/8r9A9l6X+l/qEs/a/SP5Sl/2f1D2Xpf7X+oSz9r9E/lKX/tfqHsvT/U/1DWfpfp38oS//P6R/K0v96/UNZ+t+gfyhL/xv1D2Xp/3n9Q1n6f0H/UJb+N+kfytL/Zv1DWfr/mf6hLP1v0T+Upf8X9Q9l6f8l/UNZ+v+5/qEs/W/VP5Sl/1/oH8rS/8v6h7L0/0v9Q1n636Z/KEv/2/UPZen/V/qHsvRfo38oS/+v6B/K0v+r+oey9L9D/1CW/n+tfyhL/zv1D2Xp/zf6h7L0v0v/UJb+f6t/KEv/u/UPZel/j/6hLP3/Tv9Qlv5f0z+Upf+9+oey9P+6/qEs/f9e/1CW/vfpH8rS/xv6h7L0/6b+oSz9v6V/KEv/+/UPZen/bf1DWfp/R/9Qlv7f1T+Upf8/6B/K0v8f9Q9l6f9P+oey9H9A/1CW/t/TP5Sl/z/rH8rS/0H9Q1n6/4v+oSz9H9I/lKX/v+ofytL/3/QPZen/sP6hLP2/r38oS/9H9A9l6f/v+oey9H9U/1CW/v+hfyhL/x/oH8rS/z/1D2Xp/0P9Q1n6/0j/UJb+j+kfytL/cf1DWfr/l/6hLP1/rH8oS/8n9A9l6f8T/UNZ+v9U/1CW/k/qH8rS/7/1D2Xp/5T+oSz9n9Y/lKX/M/qHsvT/H/1DWfr/r/6hLP1/pn8oS/+f6x/K0v8X+oey9H9W/1CW/mv1DyXpv1WlfyhL/w79Q1n6d+ofytJ/hP6hLP2L/qEs/bv0D2XpP1L/UJb+o/QPZek/Wv9Qlv6b6R/K0n+M/qEs/TfXP5Sl/xb6h7L031L/UJb+Y/UPZek/Tv/QJtcfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKiq7p45j43oGPDUiA0fTLh3yXMf93z66FOuuuqLW/d/7Pvy3OAlOzd8sHbt2rWdT1Zf63s4qqqq3v+2rfoejx583Pv65825ZOq6R2Xi5c/sct3KZw56/433X/P0oVfPva7ruWe7quNPOnXpkumdVVUmd1Wreh/s0VFVZceu6qLeBzN6H+zUVV3T+2Dmcw82q9b0Ptj9hDOWntj7xNTav2cA8Ouuu2d1NWLAYlcD/jSw4f6fN+fm1f0fh3jJ/lcrVd/+33rTNu8Y9LV+z7P//a9fXjl4/4f9LwgA/Irh7f8dE/s/DvGSv/L+f/7pH78/+trz73//65dJ9h8Amhd8/3/ARg/+vv+g7/9Hfw5Yf3/acReP6t3/q58+akXfU+WFfP//l69fJg/e/84B3//vqKqyQ//3/0dVVZmykb8dAJBCd8+7Hxvq/f/Q+1+2HXTTseH+b339mqN69//BMTe+tO+prmHu/w5Dvf8/ZNA/KwDwwnT3fGbtoPf/w9j/asfgJdfv/8Gr7n5J7/5/48HvT9zga8PZ/ymD93/aimXLp5119jm7nbps8clLTl5y+uxZs/bZa9bes2dMe+47Aut+3cjfFADYxG3c+/9qzKCbjqp6ZP39h26bcHfv/s/45GGn9D01epj7v+OQ7/8nev8PAANM6qxGjqxWLV6x4sw91v3a/3DGul/X/ceC/R/G3/9P7v8huv6fGeyoqpetv+856wOdvft/xeRtb+t7auQw93+nIff/wIE/qwgAvDAb+f7/xEE3A/Z/3IhrZ/fu/+FTdr6g76nh/v3/1CH3/zLv/wGgju6e6v/1TXTv/p+/xS8urXdddvbzfwDQvDb2//EJ75lU77rsYv8BoHlt7P+SA7a8pd51eZX9B4DmtbH/d3VfvLDeddnV/gNA89rY/3mnTbin3nXZzf4DQPPa2P+J55ywst512d3+A0Dz2tj/645+7KF612XagP0fbf8BoAlt7P+xox98ot51me79PwA0r439/+4uR55U77rsYf8BoHlt7P+X9939gXrXZYb9B4DmtbH/08dfNq/edZlp/wGgeW3s/0fP2P/KetdlT/sPAM1rY//Hz//8zHrXZS/7DwDNa2P/337s1y+sd132tv8A0Lw29v/Zcw8cX++6zLL/ANC8NvZ/zV3bL6h3Xfax/wDQvDb2f+4jF91b77rMtv8A0Lw29n+nJx9fXu+6vNr+A0Dz2tj/z33n+EfrXZd97T8ANK+N/R972bPj6l2X19h/AGheG/v/vvOXX1Lvuuxn/wGgeW3s/w8uHjul3nXZ3/4DQPPa2P+3fWH1TfWuywH2HwCa18b+f/PhmXPrXZcD7T8ANK+N/T/mK7d9r951mWP/AaB5bez/XvfdsbjedTnI/gNA89rY/9t/Mv+petflYPsPAM1rY/9f/t5vbV/vurzW/gNA89rY/098duEH612X19l/AGheG/v/sy9N3rPedTnE/gNA89rY/+Ufu/6KetflUPsPAM1rY/97dv3pQ/Wuy2H2HwCa18b+3zn2XSvrXZdu+w8AzWtj/699xYh76l2Xw+0/ADSvjf2ftN+HF9a7LnPtPwA0r439Xz13m1vqXZd59h8AmtfG/m9+6qcm1bsu8+0/ADSvjf0/edXDl9a7Lj32HwCa18b+/2jBstH1rssR9h8AmtfG/m83ZtH4etflSPsPAM1rY/8vmnrfhfWuy+vtPwA0r439//nsG2bWuy5vsP8A0Lw29n/ldhOvrHdd3mj/AaB5bez/t5fdPq/edXmT/QeA5rWx/4uOmP5AvetylP0HgOa1sf8zFvWcVO+6vNn+A0Dz2tj/W9+55ol61+Ut9h8AmtfG/l9w56dvqnddjrb/ANC8NvZ/i0e3mlLvuhxj/wGgeW3s//FPnX5JveuywP4DQPPa2P8f3v/QuHrX5a32HwCa18b+d19+7qP1rsux9h8AmtfG/n919Y+X17suC+0/ADSvjf2/4SMX3lvvuiyy/wDQvDb2f8rN1YJ61+U4+w8AzTvr7HNOW7x06ZIzfeITn/hk/Scv9v8yAQAATfvlH/pf7H8SAAAAAAAAAAAAAAAAAAAAyKuN/zuxF/vfEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/o8dOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAABPlbrzBAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXwEAAP//7OPbug==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time\x00', 0x275a, 0x0)
fallocate(r0, 0x0, 0x7fffe, 0x7000000)

2.817585165s ago: executing program 5 (id=1000):
io_setup(0x4, &(0x7f0000000000)=<r0=>0x0)
r1 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x81}])

2.668233084s ago: executing program 4 (id=1002):
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000f00)=0x1000000, 0x4)

2.52948778s ago: executing program 3 (id=1003):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010b00000000000000000c00000008000300", @ANYRES32], 0x1c}}, 0x0)

2.391808144s ago: executing program 4 (id=1004):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES8, @ANYRES8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280ff0414800c"], 0x528}}, 0xc000)

2.312243287s ago: executing program 5 (id=1005):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @remote, 0xb7}, 0x1c)
connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)

2.176437291s ago: executing program 3 (id=1007):
syz_read_part_table(0x107b, &(0x7f0000000000)="$eJzs0L1NxEAQBeBn34+PKmjlAjIyKIA2nGFqIUa0QEwPRJRAhAANWhaXAJd8XzB6sp5npA0ntR2TYWhpGZIlGZMckvvH/VrZrOG91m7y1EbPXzVV1cvD3e63V228ttG/HJObtqbekuWzdrk9jM9Tsuw3w9XF9WW/2M1rGD+q6tj+bXfmZMq27e5+Kudnf/o0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBvvgMAAP//S7Qi7A==")
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0x10)

2.048313573s ago: executing program 5 (id=1008):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x2)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000180))

1.97186651s ago: executing program 4 (id=1009):
syz_mount_image$hfsplus(&(0x7f0000003000), &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x208000, &(0x7f0000003f80)=ANY=[@ANYBLOB="6e6c733d63703935302c6e6f626172726965722c666f7263652c756d61736b3d30303030303030303030303030303030303030313030302c00d01280f532b0f4cf3b36fd5c6ef64269a533fc6b052f92ffcac08ca18519d5b3711b97ec291e41355fa65d9c0d15e7c10c63ab0bba736f92ab9d30478ae1452a017be98c2a0507febf295db17e98d0fffc0d349264ce2acdedc0a61ae132d4024d39e11de2dc8679fac7efcb6137aa2e361c5f6cb851e3a60ba05f834666694667f27f0d632cf9a85fe247e27251acbd739ff85088cb201010900132000000000000000000002593d600000000"], 0xfd, 0x691, &(0x7f00000002c0)="$eJzs3U1sHGf9B/DvrDdrO/+/UrdN2oKQGjUigkYkdpaSIEAEhFAOFYrEpRcOVuI0VjZp5bjIrRB1eb1y7KGHIhQOPaEekIo4VJQzEhInLrlH4u4Ti2Z2dr3Oxo43b7uBz0eanWfmeZnf/PzM7JusDfA/6/xrObCZIudPvLpRbt+62e7cutm+1i8nmU3SSJq9VYrrSfFZci69JZ8rd9bDFbsd55Xbn3xw/P2P2r2tZr1U7Rt79Rtx15ab9ZKjSWbq9QPYMd7FBx6vGMRdJuxYP3Ewad0Rm+N03/91C0ytove8OWIhOZhkrn4dkPru0Hi80T18Y93lAAAA4An11Fa2spFDk44DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAniT17/8X9dLol4+m6P/+f6va16qatyYd74P6dNIBAAAAAAAAAMBD8OJWtrKRQ/3tblF95/9StXG4evy/vJUbWclaTmYjy1nPetaylGShqn+vemxtLK+vry3t1rPb7b7bnal6nh70zFDP0yOhFXtH3p194JMHAAAAAAAAgCfMHl+W/yznt7//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAaVAkM71VtRzulxfSaCaZS9Iq220mf+6Xn2SfTjoAAAAAeAye2spWNnKo+Hdvu1tU7/mfq973z+WtXM96VrOeTlZyqfosoPeuv/H3zXbn1s32tXIZHfc7/xorjGrE9D57uPuRF6sWR+r2m0m+nx/mRI7mQtaymh9nOetZydF8ryotp8hCNdY/v5XUcY7EO1s+nNsRyoV7xfpCFcl8Lme1iu1kLg4+Bmn02wwd7Y+tZEeGGnmvzE7x7do+c3SpXpd/g9/U6+mwUJ3UgUFGFuvcl9l4+tZuua/05sns+Edq1nsag8+gDu91pPvM+cF6Xeb6V8M5f3G/ET8qwzkvozqdxmD2Pbd3zpMv/+MvF650rl+9cvnGiemZRrvqdrvv7l575+xrDzIxl+f3n4nNXTLx8c7Nmbu1mRvzhB6RVp2NXozbd8vk/PDdsttNRu6WL1V9D2U1P8gbuZSVnMlilnI2i/l6Tqe9Y4Yd2Tuv1bXWGO9aO/alujCf5Nf1ejqUeX16KK/Dd7qFqm54z3aWntlHlsa8IzU/XxfKY/x86Bln8u7MxNJQJp7dOxO/LWdkbnSuX127svzmPo93vF6Xl+0vdz4f/u5hnM/9K+fLM+Ufq9raOTvKumfvWrdU1R0e1DVG6o4M6u51pbbq13CjI/Xqnr9rXbuqe2GobsernLyRzuBVCADToju66+DLB1vzt+f/Nv/h/C/mr8y/Ovfd2bOzX2jlwF+bf5r5Q+P3jW8WL+fD/DSHJhEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8t7nx9jtXlzudlbUpLKQxXq/yfCYd89QWZpOM26toPtwwPk5y3937vxXY3/PFzkr+f49ezaEZvt1rKv4WD174xo/qZNyjcXO8y3y+HnB6flwMeHROrV9789SNt9/5yuq15ddXXl+5fvrsmbNn2l9b+uqpy6udlcXe46SjBB6F7Wf/SUcCAAAAAAAAAAAA7Nfj+I+FSZ8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8GQ7/1oObKbI0uLJxXL71s12p1z65e2WzSSNJMVPkuKz5Fx6SxaGhit2O84rtz/54Pj7H7W3x2r22zf26rc/m/WSo0lm6vWdDUbN7mu8i8PjNe4nvGJwhmXCjvUTB5P2nwAAAP//euIAEg==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000300)=""/104, 0x68)

1.904323367s ago: executing program 2 (id=1010):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0), r1, 0x0, 0x1, 0x4}}, 0x20)

1.888001949s ago: executing program 1 (id=1011):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8d0, &(0x7f0000000080)=ANY=[@ANYBLOB='acl,heartbeat=none,dir_resv_level=00003,coherency=full,coherency=full,localflocks,coherency=full,noacl,\x00'/119], 0x1, 0x4441, &(0x7f0000004480)="$eJzs3cFvG1UaAPA3k+w27bbdpNtDV1ppLW2lRYCipCcglUjTtGnShqJCK8QldRK3DThxlTiIQw/hVokTEgfEoQIJDiinKgeOlD+BCzfKuRIcuCBVQgTZniSesU3cKE5o9ftJ9Xjem/fmsz/P85tKzosT5VtzS7m5pVx+IVeaubF0Kvdeqbg8XwjxHtnv89OeTuRJ7vfP5bPn37h2KoRvZ79/tL6+vh4qukNTg3XPf/3lzkz9dkOcaVPpt3lvu+XtEMLxhrgqukIIb30dQhRCOJOUjSTbgyGEo6FWd+3Oh9dzdT3+8Hjn0dx/WDgdwuTdtaGTE6v31lq/9iiET4v/fvHm/E//6xr68fmdnxEAAAAAAAAAAAAAAAAAgGfJ2JXLV18fGAwPotC9GjX+Xncs2eZatF/fNf/t/IsFAAAAAAAAAAAAAAAAAACAv6it3//nomNNfv8/mmyHW7Rff7Vu56vOxUlnjL92efTcwGCy/nvUUP9SUvTzma7Q12Td9+z672cy7Zuv/954np2qxte1td8borg/iePLbyr7cdzfH8LnycLvJ6JDcbG0VH7hRml5YXbXwnhqpfNfW70/lZ1kQf928z+S6b/z6///q+HTVNm/vnsfsWdaOv9dLY/74oOorfyfzbTbi/yzc+n8d1fLDtYfMFwbACr5/6h7+/yPZvrvVP6PhhByUSXWXGoEqMxhKuWt5iukpfP/t2pZauhM3shW1//jTP7PZfrfr/F/JftFRFPp/P+9WtaTOmLr+u+Lt7/+z2f634/8V+JfSRd2dzaGp1c6/wdqhel3q/pOtjv+j2X671T+r8bVOKsTlvpPwGpUi7/V36sjLZ3/nob6rfu/uK3534VM+z25/6s778b938bw/1xUu/+juSeZ/7dz/Y9n2nV6/B+uzv/YqXT+D1XL0nPn3upju/mfyPTfqfxXZyU9G/nfGk9+P1Ar/8z8ry3p/P+jVhjXH7FSeeipzv+i7ef/FzP9/0n+d+lLoHH+V4l/Jd6d3p916fwfbnlcJf/ftfH9fynTrvPz/xAG/F/fjqXzf6TlcdXrv2f7/E9m2nU6///vZOcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT4GRZNsborg/tR/H/f0hnE32T4RD0XR+dmq6WJp5dymE0aQ8F45FN4ul6Xxxam6hNFuYyheLpZkQziX1x0NPtFQslafm87fPb/Z1MLpVyC+Wpwv5cghhLCn/Tziy0df0XHk+fzuEcGGz7p9xafH2rfzC1Ozc4isDAwMDYXwzhr6o8H65sFCunb1WG8LEZtveqC64avXFzVgOR++UlhcX8sVq+aW6NsXSTL5Y12Yyqfs49EXlxeWFmXy5MFUs3dw4334aTraj41fevHJpsKH+elTbjuxtWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8oQdDL38SQuiu7cUhhFyUPImSfyn3HxZOT/02eXdt6OTE6r21R82OAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAPduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBL/ygNBFEcgN+MhZYew2rZ7WxXFNHCFcET6DE8jB7FS3gHixRpU4RAMgth/8A2SfV9zYP5MfMezAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFju8a17f62biBRX28uI38+//+P8udTvu+n7F2eYkdN5eunuH+qm/Hsa5bflaNXmfbpZf33ERO39DPZkuE8H4z5Dc/s2N1/f9zpSriKiLflNyrmqlr0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALBjBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86ir4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXwEAAP//xX0hlw==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000002880)=""/4081, 0xff1)

1.61111753s ago: executing program 2 (id=1012):
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000000)=0x2)
ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000080)=0x3200e0)

1.576854929s ago: executing program 5 (id=1013):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000100)={[{@compress}, {@nodatacow}, {@flushoncommit}, {@noacl}, {@nobarrier}, {@autodefrag}, {@subvol={'subvol', 0x3d, '.'}}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@discard}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6a000}], 0x1, 0x7000, 0x0, 0x3)

1.368226441s ago: executing program 4 (id=1014):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000080)={0x0, 0x12, 0x1, "b8"}, 0x0, 0x0, 0x0, 0x0, 0x0})

1.200260144s ago: executing program 2 (id=1015):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xe}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

1.110140732s ago: executing program 3 (id=1016):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x34, r1, 0x1, 0x0, 0x25dfdbfb, {0x36}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0)

816.579268ms ago: executing program 2 (id=1017):
syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000500)='./file0\x00', 0x18008, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRESDEC], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0d83)
fchown(r0, 0xee01, 0x0)

728.303481ms ago: executing program 3 (id=1018):
r0 = add_key$fscrypt_provisioning(&(0x7f0000000980), &(0x7f00000009c0)={'syz', 0x3}, &(0x7f0000000a00)=ANY=[@ANYBLOB="02"], 0x48, 0xfffffffffffffffe)
keyctl$setperm(0x5, r0, 0x8021000)
keyctl$set_timeout(0xf, r0, 0xf91)

470.909823ms ago: executing program 3 (id=1019):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="38000300010003", 0x7)

341.368855ms ago: executing program 0 (id=1020):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000000000010961b080000000000000109022400010000000109040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000140)={0x0, 0xa, 0x11, {0x11, 0x6, "e694a93126f1caa83753d74781ec34"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

279.005079ms ago: executing program 2 (id=1021):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x197a, 0x4)

335.596µs ago: executing program 2 (id=1022):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)

0s ago: executing program 3 (id=1023):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_HASH_SREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HASH_LEN={0x8, 0x3, 0x1, 0x0, 0x8f}, @NFTA_HASH_MODULUS={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_HASH_DREG={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_HASH_OFFSET={0x8, 0x6, 0x1, 0x0, 0xfffffff9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)

kernel console output (not intermixed with test programs):

d(block 73) failed
[  129.446004][  T970] usb 2-1: USB disconnect, device number 5
[  129.884234][  T968] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  130.103625][   T25] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  130.111313][  T968] usb 5-1: Using ep0 maxpacket: 32
[  130.126871][  T968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.131917][ T6524] loop2: detected capacity change from 0 to 32768
[  130.159747][  T968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.185417][  T968] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  130.200581][  T968] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.226208][  T968] usb 5-1: config 0 descriptor??
[  130.274231][   T25] usb 6-1: Using ep0 maxpacket: 8
[  130.298483][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.302479][ T6524] 
[  130.302479][ T6524]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  130.302479][ T6524] 
[  130.345639][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  130.396869][   T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  130.440718][   T25] usb 6-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00
[  130.460386][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.476087][ T5829] 
[  130.476087][ T5829]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  130.476087][ T5829] 
[  130.493074][   T25] usb 6-1: config 0 descriptor??
[  130.513230][ T5829] 
[  130.513230][ T5829]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  130.513230][ T5829] 
[  130.712385][  T968] ft260 0003:0403:6030.0008: unknown main item tag 0x0
[  130.889306][  T968] ft260 0003:0403:6030.0008: failed to retrieve chip version
[  130.908149][  T968] ft260 0003:0403:6030.0008: probe with driver ft260 failed with error -71
[  130.939941][   T25] sunplus 0003:04FC:05D8.0009: item fetching failed at offset 5/7
[  130.951805][  T968] usb 5-1: USB disconnect, device number 4
[  130.962500][   T25] sunplus 0003:04FC:05D8.0009: probe with driver sunplus failed with error -22
[  131.179233][  T968] usb 6-1: USB disconnect, device number 4
[  131.283477][ T6535] loop1: detected capacity change from 0 to 32768
[  131.320456][ T6535] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.235 (6535)
[  131.333611][   T25] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  131.387691][ T6535] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  131.399668][ T6535] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm
[  131.417836][ T6535] BTRFS info (device loop1): using free-space-tree
[  131.516053][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  131.534970][   T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  131.550810][   T25] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  131.636316][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.681858][ T6535] BTRFS info (device loop1): rebuilding free space tree
[  131.698109][   T25] usb 3-1: config 0 descriptor??
[  131.811608][ T6541] loop3: detected capacity change from 0 to 32768
[  131.878815][ T6541] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.239 (6541)
[  131.962837][ T6541] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  132.026576][ T6541] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm
[  132.080293][ T6541] BTRFS info (device loop3): using free-space-tree
[  132.207076][ T5837] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  132.264970][   T25] prodikeys 0003:041E:2801.000A: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input0
[  132.483469][   T25] usb 3-1: USB disconnect, device number 3
[  132.794501][ T5832] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  133.024706][ T6598] loop0: detected capacity change from 0 to 1024
[  133.086799][ T6598] hfsplus: invalid attributes max_key_len 0
[  133.093672][ T6598] hfsplus: failed to load attributes file
[  134.230877][ T6592] loop4: detected capacity change from 0 to 32768
[  134.364562][ T6592] JBD2: Ignoring recovery information on journal
[  134.608719][ T6592] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  134.821414][ T6643] loop0: detected capacity change from 0 to 256
[  134.834248][ T6592] (syz.4.247,6592,1):ocfs2_reflink_ioctl:4420 ERROR: status = -14
[  134.914152][ T5890] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  134.933404][ T6646] capability: warning: `syz.5.271' uses deprecated v2 capabilities in a way that may be insecure
[  134.975099][ T6643] FAT-fs (loop0): Directory bread(block 64) failed
[  135.004208][ T6643] FAT-fs (loop0): Directory bread(block 65) failed
[  135.011968][ T6643] FAT-fs (loop0): Directory bread(block 66) failed
[  135.036247][ T6643] FAT-fs (loop0): Directory bread(block 67) failed
[  135.064905][ T6643] FAT-fs (loop0): Directory bread(block 68) failed
[  135.081860][ T6643] FAT-fs (loop0): Directory bread(block 69) failed
[  135.095157][ T5890] usb 2-1: Using ep0 maxpacket: 8
[  135.115512][ T6643] FAT-fs (loop0): Directory bread(block 70) failed
[  135.125314][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.154898][ T6643] FAT-fs (loop0): Directory bread(block 71) failed
[  135.164204][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.184675][ T6643] FAT-fs (loop0): Directory bread(block 72) failed
[  135.191292][ T6643] FAT-fs (loop0): Directory bread(block 73) failed
[  135.204509][ T5890] usb 2-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  135.231456][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.263044][ T5838] ocfs2: Unmounting device (7,4) on (node local)
[  135.285484][ T5890] usb 2-1: config 0 descriptor??
[  135.317070][ T6650] loop2: detected capacity change from 0 to 4096
[  135.384545][ T6650] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  135.531945][ T6654] loop3: detected capacity change from 0 to 4096
[  135.666386][ T6656] tmpfs: Cannot change global quota limit on remount
[  135.716203][ T5890] stadia 0003:18D1:9400.000B: item fetching failed at offset 5/7
[  135.734455][ T6650] ntfs3(loop2): failed to convert "c46c" to macceltic
[  135.754846][ T5890] stadia 0003:18D1:9400.000B: parse failed
[  135.760789][ T5890] stadia 0003:18D1:9400.000B: probe with driver stadia failed with error -22
[  135.797009][ T6654] ntfs3(loop3): failed to convert "0080" to cp865
[  135.885128][ T6654] ntfs3(loop3): failed to convert name for inode 1e.
[  135.901956][ T6658] atomic_op ffff8880327b4198 conn xmit_atomic 0000000000000000
[  136.002513][ T5890] usb 2-1: USB disconnect, device number 6
[  136.449347][ T6672] loop5: detected capacity change from 0 to 2048
[  136.533780][ T6672] UDF-fs: error (device loop5): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  136.620172][ T6672] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  137.028288][ T6679] loop3: detected capacity change from 0 to 4096
[  137.075615][ T6679] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  137.614754][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  137.621457][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  137.641277][ T6669] loop4: detected capacity change from 0 to 32768
[  137.775727][ T6669] JBD2: Ignoring recovery information on journal
[  137.781824][ T6692] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  137.917797][ T6669] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  138.108896][ T6703] loop0: detected capacity change from 0 to 256
[  138.145070][ T5891] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  138.276934][ T5838] ocfs2: Unmounting device (7,4) on (node local)
[  138.344177][ T5891] usb 4-1: Using ep0 maxpacket: 32
[  138.355042][ T5891] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  138.384495][ T5891] usb 4-1: config 0 has no interface number 0
[  138.391989][ T6680] loop1: detected capacity change from 0 to 32768
[  138.403248][ T6708] netlink: 8 bytes leftover after parsing attributes in process `syz.5.300'.
[  138.429448][ T5891] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  138.440900][ T6708] netlink: 4 bytes leftover after parsing attributes in process `syz.5.300'.
[  138.450210][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.485447][ T6708] netlink: 'syz.5.300': attribute type 11 has an invalid length.
[  138.493350][ T5891] usb 4-1: Product: syz
[  138.498046][ T5891] usb 4-1: Manufacturer: syz
[  138.503088][ T5891] usb 4-1: SerialNumber: syz
[  138.520780][ T6680] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  138.535181][ T5891] usb 4-1: config 0 descriptor??
[  138.577453][ T5891] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  138.656385][ T6680] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  138.710373][ T6711] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  138.740491][ T6711] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  138.760007][ T6711] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  138.789904][ T6711] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  138.819178][ T5891] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  138.824345][   T29] audit: type=1800 audit(1737318280.734:4): pid=6680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.287" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  138.855514][ T5891] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  139.051559][ T5837] ocfs2: Unmounting device (7,1) on (node local)
[  139.275963][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  139.285993][  T970] usb 4-1: USB disconnect, device number 10
[  139.333660][  T970] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  139.365813][  T970] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  139.404752][  T970] quatech2 4-1:0.51: device disconnected
[  139.528072][ T6730] loop4: detected capacity change from 0 to 256
[  139.559711][ T6730] exfat: Deprecated parameter 'utf8'
[  139.589312][ T6730] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5b52992a, utbl_chksum : 0xe619d30d)
[  139.794311][   T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  139.966629][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.017733][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.049576][   T25] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  140.088521][   T25] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00
[  140.099041][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.164301][   T25] usb 2-1: config 0 descriptor??
[  140.188195][ T6742] loop2: detected capacity change from 0 to 1024
[  140.520295][ T6751] loop3: detected capacity change from 0 to 128
[  140.543448][ T6752] loop0: detected capacity change from 0 to 1024
[  140.555468][   T12] hfsplus: b-tree write err: -5, ino 4
[  140.614515][   T25] pyra 0003:1E7D:2C24.000C: hidraw0: USB HID v0.00 Device [HID 1e7d:2c24] on usb-dummy_hcd.1-1/input0
[  140.633502][ T6751] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  140.690440][ T6751] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  140.740482][   T29] audit: type=1800 audit(1737318282.644:5): pid=6752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.319" name="file1" dev="loop0" ino=20 res=0 errno=0
[  140.863123][   T25] usb 2-1: USB disconnect, device number 7
[  141.294498][ T6770] Bluetooth: MGMT ver 1.23
[  141.821005][ T6784] netlink: 8 bytes leftover after parsing attributes in process `syz.4.333'.
[  141.834157][   T29] audit: type=1326 audit(1737318283.744:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6785 comm="syz.0.334" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc37d785d29 code=0x0
[  141.855739][    C0] vkms_vblank_simulate: vblank timer overrun
[  141.923266][   T29] audit: type=1326 audit(1737318283.834:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034dd85d29 code=0x7ffc0000
[  142.033054][   T29] audit: type=1326 audit(1737318283.864:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034dd85d29 code=0x7ffc0000
[  142.055293][    C0] vkms_vblank_simulate: vblank timer overrun
[  142.133591][   T29] audit: type=1326 audit(1737318283.884:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f034dd85d29 code=0x7ffc0000
[  142.155733][    C0] vkms_vblank_simulate: vblank timer overrun
[  142.250663][   T29] audit: type=1326 audit(1737318283.884:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034dd85d29 code=0x7ffc0000
[  142.272930][    C0] vkms_vblank_simulate: vblank timer overrun
[  142.364286][   T29] audit: type=1326 audit(1737318283.894:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=145 compat=0 ip=0x7f034dd85d29 code=0x7ffc0000
[  142.379298][ T6803] netlink: 4 bytes leftover after parsing attributes in process `syz.5.342'.
[  142.386454][    C0] vkms_vblank_simulate: vblank timer overrun
[  142.444346][   T29] audit: type=1326 audit(1737318283.894:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6789 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f034dd85d29 code=0x7ffc0000
[  142.494139][  T968] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  142.702176][  T968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  142.723624][  T968] usb 5-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00
[  142.755789][  T968] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.773205][ T6811] loop5: detected capacity change from 0 to 256
[  142.795506][  T968] usb 5-1: config 0 descriptor??
[  143.282188][  T968] aquacomputer_d5next 0003:0C70:F003.000D: unknown main item tag 0x0
[  143.333621][  T968] aquacomputer_d5next 0003:0C70:F003.000D: hidraw0: USB HID v0.00 Device [HID 0c70:f003] on usb-dummy_hcd.4-1/input0
[  143.547336][ T5891] usb 5-1: USB disconnect, device number 5
[  143.744335][    T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  143.888721][ T5198] udevd[5198]: worker [6396] terminated by signal 33 (Unknown signal 33)
[  143.909175][ T5198] udevd[5198]: worker [6396] failed while handling '/devices/virtual/block/loop3'
[  143.944247][    T8] usb 3-1: Using ep0 maxpacket: 32
[  143.960201][    T8] usb 3-1: unable to get BOS descriptor or descriptor too short
[  144.002327][    T8] usb 3-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  144.042978][    T8] usb 3-1: config 1 interface 0 has no altsetting 0
[  144.080421][    T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice= 0.40
[  144.114048][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.153400][    T8] usb 3-1: Product: syz
[  144.162226][    T8] usb 3-1: Manufacturer: syz
[  144.187587][    T8] usb 3-1: SerialNumber: syz
[  144.241534][ T6845] loop5: detected capacity change from 0 to 2048
[  144.316863][ T6845] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  144.936811][    T8] appletouch 3-1:1.0: Failed to request geyser raw mode
[  144.955806][    T8] appletouch 3-1:1.0: probe with driver appletouch failed with error -5
[  144.979289][    T8] usb 3-1: USB disconnect, device number 4
[  145.031566][ T6864] loop5: detected capacity change from 0 to 1024
[  145.107306][ T6864] hfsplus: failed to load catalog file
[  145.444752][ T6874] loop5: detected capacity change from 0 to 64
[  145.594286][  T968] usb 4-1: new low-speed USB device number 11 using dummy_hcd
[  145.768312][  T968] usb 4-1: No LPM exit latency info found, disabling LPM.
[  145.796674][  T968] usb 4-1: config 1 interface 0 altsetting 2 endpoint 0x1 is Bulk; changing to Interrupt
[  145.853268][  T968] usb 4-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  145.884120][  T968] usb 4-1: config 1 interface 0 has no altsetting 0
[  145.926939][  T968] usb 4-1: string descriptor 0 read error: -22
[  145.933556][  T968] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  145.971102][  T968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.007841][ T6870] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  146.112032][ T6884] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  146.280383][  T968] usb 4-1: USB disconnect, device number 11
[  146.429318][ T6888] ebtables: ebtables: counters copy to user failed while replacing table
[  146.900928][ T6901] loop5: detected capacity change from 0 to 4096
[  146.955833][ T6901] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  147.154280][ T6908] tipc: Started in network mode
[  147.165927][ T6912] netlink: 24 bytes leftover after parsing attributes in process `syz.0.393'.
[  147.175813][ T5890] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  147.194416][ T5847] Bluetooth: hci0: command tx timeout
[  147.202600][ T6908] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  147.219516][ T6908] tipc: Enabled bearer <udp:syz0>, priority 10
[  147.264976][ T6910] delete_channel: no stack
[  147.300308][ T6886] loop4: detected capacity change from 0 to 32768
[  147.334982][ T6886] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.381 (6886)
[  147.388841][ T5890] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  147.406789][ T5890] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  147.463225][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.474377][ T6914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.394'.
[  147.506821][ T6886] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  147.554171][ T6886] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm
[  147.562961][ T6886] BTRFS info (device loop4): using free-space-tree
[  147.741597][ T5890] usb 2-1: string descriptor 0 read error: -71
[  147.781114][ T5890] usb 2-1: USB disconnect, device number 8
[  147.803435][ T6886] BTRFS info (device loop4): rebuilding free space tree
[  148.055704][ T5892] udevd[5892]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  148.217020][    T8] tipc: Node number set to 4269801488
[  148.234667][   T29] audit: type=1326 audit(1737318290.144:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f038cd85d29 code=0x7ffc0000
[  148.256809][    C0] vkms_vblank_simulate: vblank timer overrun
[  148.342996][ T5838] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  148.365504][   T29] audit: type=1326 audit(1737318290.154:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f038cd85d29 code=0x7ffc0000
[  148.387982][   T29] audit: type=1326 audit(1737318290.174:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f038cd85d29 code=0x7ffc0000
[  148.515807][   T29] audit: type=1326 audit(1737318290.174:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f038cd85d29 code=0x7ffc0000
[  148.538112][    C0] vkms_vblank_simulate: vblank timer overrun
[  148.564215][   T25] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  148.629829][   T29] audit: type=1326 audit(1737318290.174:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f038cd85d29 code=0x7ffc0000
[  148.652442][    C0] vkms_vblank_simulate: vblank timer overrun
[  148.730922][   T29] audit: type=1326 audit(1737318290.174:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7f038cd85d29 code=0x7ffc0000
[  148.753043][    C0] vkms_vblank_simulate: vblank timer overrun
[  148.786037][   T25] usb 1-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  148.825089][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.861373][   T29] audit: type=1326 audit(1737318290.174:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f038cd85d29 code=0x7ffc0000
[  148.875480][   T25] usb 1-1: config 0 descriptor??
[  148.954058][   T29] audit: type=1326 audit(1737318290.174:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.3.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f038cd85d29 code=0x7ffc0000
[  149.264153][   T25] kaweth 1-1:0.0: Firmware present in device.
[  149.414437][   T25] kaweth 1-1:0.0: Statistics collection: 0
[  149.430676][   T25] kaweth 1-1:0.0: Multicast filter limit: 0
[  149.450989][   T25] kaweth 1-1:0.0: MTU: 0
[  149.473200][ T6942] loop2: detected capacity change from 0 to 32768
[  149.493310][   T25] kaweth 1-1:0.0: Read MAC address 00:00:00:00:00:00
[  149.508323][ T6942] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.398 (6942)
[  149.605643][ T6942] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  149.617087][   T25] kaweth 1-1:0.0: probe with driver kaweth failed with error -5
[  149.654263][ T6942] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  149.663069][ T6942] BTRFS info (device loop2): using free-space-tree
[  149.694716][   T25] usb 1-1: USB disconnect, device number 5
[  149.779115][ T6969] loop4: detected capacity change from 0 to 4096
[  149.804745][ T6969] ntfs3(loop4): ino=3, Correct links count -> 2.
[  149.944759][ T6969] ntfs3(loop4): failed to convert "0080" to cp936
[  149.952579][ T6969] ntfs3(loop4): failed to convert name for inode 1e.
[  150.328454][ T5829] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  150.367672][ T6993] loop5: detected capacity change from 0 to 64
[  150.497600][ T6993] hfs: bad catalog folder thread
[  150.545381][ T6997] loop0: detected capacity change from 0 to 512
[  150.553096][ T6997] EXT4-fs: Ignoring removed mblk_io_submit option
[  150.641342][ T6997] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.723658][ T6960] loop3: detected capacity change from 0 to 32768
[  150.784334][ T6997] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.187424][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.206153][ T1156] Quota error (device loop0): remove_tree: Cycle in quota tree detected: block 5 index 0
[  151.206430][ T1156] EXT4-fs error (device loop0): ext4_release_dquot:6959: comm kworker/u8:7: Failed to release dquot type 0
[  151.571192][ T7015] can0: slcan on ptm0.
[  151.795630][ T7013] can0 (unregistered): slcan off ptm0.
[  152.234912][ T7035] loop3: detected capacity change from 0 to 164
[  152.255659][ T7037] netlink: 12 bytes leftover after parsing attributes in process `syz.0.436'.
[  152.513247][ T7043] netlink: 8 bytes leftover after parsing attributes in process `syz.4.438'.
[  152.600084][ T7047] loop1: detected capacity change from 0 to 256
[  152.606197][ T7043] erspan0: entered promiscuous mode
[  152.774321][ T7047] FAT-fs (loop1): Directory bread(block 64) failed
[  152.805572][ T7047] FAT-fs (loop1): Directory bread(block 65) failed
[  152.813605][ T7047] FAT-fs (loop1): Directory bread(block 66) failed
[  152.865250][ T7047] FAT-fs (loop1): Directory bread(block 67) failed
[  152.872442][ T7047] FAT-fs (loop1): Directory bread(block 68) failed
[  152.953462][ T7047] FAT-fs (loop1): Directory bread(block 69) failed
[  153.004712][ T7047] FAT-fs (loop1): Directory bread(block 70) failed
[  153.025251][ T7047] FAT-fs (loop1): Directory bread(block 71) failed
[  153.031943][ T7047] FAT-fs (loop1): Directory bread(block 72) failed
[  153.104315][ T5891] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  153.104797][ T7047] FAT-fs (loop1): Directory bread(block 73) failed
[  153.274237][ T5891] usb 6-1: Using ep0 maxpacket: 8
[  153.340233][ T5891] usb 6-1: config 0 interface 0 altsetting 112 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  153.362333][ T5891] usb 6-1: config 0 interface 0 altsetting 112 endpoint 0x81 has invalid wMaxPacketSize 0
[  153.414377][ T5891] usb 6-1: config 0 interface 0 has no altsetting 0
[  153.422256][ T5891] usb 6-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice=11.00
[  153.509080][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.585414][ T5891] usb 6-1: config 0 descriptor??
[  154.067501][ T5891] kye 0003:0458:0153.000E: bogus close delimiter
[  154.109466][ T5891] kye 0003:0458:0153.000E: item 0 2 2 10 parsing failed
[  154.151079][ T5891] kye 0003:0458:0153.000E: parse failed
[  154.185444][ T5891] kye 0003:0458:0153.000E: probe with driver kye failed with error -22
[  154.376416][  T968] usb 6-1: USB disconnect, device number 5
[  154.534429][ T7051] loop0: detected capacity change from 0 to 32768
[  154.574424][ T7051] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.440 (7051)
[  154.593055][   T29] audit: type=1326 audit(1737318296.504:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16c185d29 code=0x7ffc0000
[  154.708961][ T7051] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  154.726122][   T29] audit: type=1326 audit(1737318296.504:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16c185d29 code=0x7ffc0000
[  154.801665][ T7051] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  154.855628][   T29] audit: type=1326 audit(1737318296.534:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7fc16c185d29 code=0x7ffc0000
[  154.882035][ T7051] BTRFS info (device loop0): disk space caching is enabled
[  154.941430][ T7051] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  154.977169][   T29] audit: type=1326 audit(1737318296.534:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7092 comm="syz.4.456" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc16c185d29 code=0x7ffc0000
[  155.244176][ T7123] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 1, id = 0
[  155.293515][ T7128] loop5: detected capacity change from 0 to 512
[  155.305536][ T5891] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  155.323744][ T7051] BTRFS info (device loop0): rebuilding free space tree
[  155.415577][ T7051] BTRFS info (device loop0): disabling free space tree
[  155.436050][ T7051] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  155.494607][ T7051] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  155.505094][ T5891] usb 5-1: Using ep0 maxpacket: 8
[  155.551882][ T5891] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  155.605310][ T7128] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.462: bg 0: block 393: padding at end of block bitmap is not set
[  155.636708][ T5891] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  155.684920][ T5891] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  155.693119][ T5891] usb 5-1: Product: syz
[  155.714315][ T7128] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6550: Corrupt filesystem
[  155.734039][ T5891] usb 5-1: Manufacturer: syz
[  155.738739][ T5891] usb 5-1: SerialNumber: syz
[  155.804272][ T7128] EXT4-fs (loop5): 2 truncates cleaned up
[  155.842768][ T7128] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.888399][ T5828] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  155.958477][   T29] audit: type=1800 audit(1737318297.874:25): pid=7128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.462" name="file1" dev="loop5" ino=15 res=0 errno=0
[  156.035936][ T5891] usb 5-1: Handspring Visor / Palm OS: No valid connect info available
[  156.072858][ T5891] usb 5-1: Handspring Visor / Palm OS: port 0, is for unknown use
[  156.094444][ T5891] usb 5-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  156.102540][ T5891] usb 5-1: Handspring Visor / Palm OS: Number of ports: 2
[  156.208044][ T5826] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.252031][ T5891] usb 5-1: palm_os_3_probe - error -71 getting bytes available request
[  156.281001][ T5891] visor 5-1:1.0: Handspring Visor / Palm OS converter detected
[  156.328023][ T5891] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  156.396365][ T5891] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  156.457419][ T5891] usb 5-1: USB disconnect, device number 6
[  156.516998][ T5891] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  156.588041][ T5891] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  156.599869][ T7149] netlink: 4 bytes leftover after parsing attributes in process `syz.5.469'.
[  156.644985][ T5891] visor 5-1:1.0: device disconnected
[  157.426375][ T7165] netlink: 'syz.3.476': attribute type 9 has an invalid length.
[  157.466707][ T7165] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.476'.
[  157.662701][ T7133] loop2: detected capacity change from 0 to 40427
[  157.684754][ T7133] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1fffff
[  157.701034][ T7133] F2FS-fs (loop2): invalid crc value
[  157.753471][ T7133] F2FS-fs (loop2): Found nat_bits in checkpoint
[  157.934422][ T5890] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  157.982098][ T7181] loop3: detected capacity change from 0 to 256
[  158.034115][ T7133] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  158.133490][ T5890] usb 6-1: too many configurations: 89, using maximum allowed: 8
[  158.206973][ T5890] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  158.224098][ T5890] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.232186][ T5890] usb 6-1: Product: syz
[  158.261134][ T5890] usb 6-1: Manufacturer: syz
[  158.271335][ T5890] usb 6-1: SerialNumber: syz
[  158.291310][ T5890] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  158.363202][  T968] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  158.427756][ T5829] syz-executor: attempt to access beyond end of device
[  158.427756][ T5829] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  158.523734][ T5829] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  158.722083][ T5891] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  158.754549][ T7195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.490'.
[  158.774073][ T7195] IPVS: Error joining to the multicast group
[  158.924262][ T5891] usb 4-1: Using ep0 maxpacket: 32
[  158.945733][ T5891] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  158.976054][ T5891] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  158.990163][ T7193] loop4: detected capacity change from 0 to 4096
[  159.003928][ T5891] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  159.027122][ T7193] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512).
[  159.051406][ T5891] usb 4-1: config 1 has no interface number 0
[  159.092146][ T5891] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  159.154414][ T5891] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  159.209000][ T7193] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  159.234471][ T5891] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  159.284424][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.430513][ T5891] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  159.708918][ T5891] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  160.298255][ T5891] usb 4-1: USB disconnect, device number 12
[  160.310542][ T5890] usb 6-1: USB disconnect, device number 6
[  160.320566][  T968] usb 6-1: Service connection timeout for: 256
[  160.330913][  T968] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[  160.343796][  T968] ath9k_htc: Failed to initialize the device
[  160.351334][ T5890] usb 6-1: ath9k_htc: USB layer deinitialized
[  160.357424][ T5891] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  160.542828][ T7187] loop1: detected capacity change from 0 to 32768
[  160.578396][ T7187] XFS: ikeep mount option is deprecated.
[  160.646209][ T7187] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.659482][ T7212] loop0: detected capacity change from 0 to 164
[  160.758768][ T7216] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  161.028607][ T7187] XFS (loop1): Ending clean mount
[  161.044596][ T7187] XFS (loop1): Quotacheck needed: Please wait.
[  161.136139][ T7187] XFS (loop1): Quotacheck: Done.
[  161.257136][ T5837] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  161.455782][ T7227] netlink: 8 bytes leftover after parsing attributes in process `syz.5.502'.
[  161.540452][ T7227] netlink: 12 bytes leftover after parsing attributes in process `syz.5.502'.
[  162.220151][ T7245] mmap: syz.1.505 (7245): VmData 37449728 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[  162.566299][  T970] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[  162.584861][ T7224] loop3: detected capacity change from 0 to 32768
[  162.746390][  T970] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  162.749377][ T7224] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  162.754817][  T970] usb 3-1: config 0 has no interface number 0
[  162.777736][  T970] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  162.788648][  T970] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  162.799712][  T970] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  162.811621][  T970] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  162.833592][ T7224] bcachefs (loop3): initializing new filesystem
[  162.840763][  T970] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  162.865699][ T7236] loop0: detected capacity change from 0 to 32768
[  162.872263][  T970] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  162.909225][ T7224] bcachefs (loop3): going read-write
[  162.938260][  T970] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  162.961831][ T7236] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  162.971232][ T7224] bcachefs (loop3): marking superblocks
[  162.994149][  T970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.006834][  T970] usb 3-1: config 0 descriptor??
[  163.012989][ T7249] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  163.021204][ T7249] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  163.052444][  T970] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  163.143108][ T7224] bcachefs (loop3): initializing freespace
[  163.183349][ T7224] bcachefs (loop3): done initializing freespace
[  163.242897][ T7236] XFS (loop0): Ending clean mount
[  163.258256][ T7224] bcachefs (loop3): reading snapshots table
[  163.277714][ T7236] XFS (loop0): Quotacheck needed: Please wait.
[  163.322350][ T7224] bcachefs (loop3): reading snapshots done
[  163.412413][ T7236] XFS (loop0): Quotacheck: Done.
[  163.432728][ T7224] bcachefs (loop3): done starting filesystem
[  163.525268][  T968] usb 3-1: USB disconnect, device number 5
[  163.586484][  T968] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  163.652744][ T5828] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.794855][ T7224] syz.3.500 (7224) used greatest stack depth: 17888 bytes left
[  163.844461][ T5832] bcachefs (loop3): shutting down
[  163.849587][ T5832] bcachefs (loop3): going read-only
[  163.855364][ T5832] bcachefs (loop3): finished waiting for writes to stop
[  163.894592][  T970] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  163.896017][ T5832] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  164.006140][ T5832] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 5
[  164.112718][  T970] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  164.134697][ T5832] bcachefs (loop3): shutdown complete, journal seq 6
[  164.149023][ T5832] bcachefs (loop3): marking filesystem clean
[  164.151386][  T970] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  164.204117][  T970] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  164.251085][  T970] usb 6-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  164.281035][  T970] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.316579][  T970] usb 6-1: config 0 descriptor??
[  164.343535][ T5832] bcachefs (loop3): shutdown complete
[  164.366287][ T7293] loop1: detected capacity change from 0 to 4096
[  164.384501][ T5895] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  164.393453][ T7293] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  164.412809][ T7293] ntfs3(loop1): It is recommened to use chkdsk.
[  164.567259][ T5895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  164.600531][ T5895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  164.639136][ T5895] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  164.664202][ T5895] usb 5-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[  164.673573][ T5895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.705588][ T5895] usb 5-1: config 0 descriptor??
[  164.711370][ T7294] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  164.774170][  T970] hid-udraw 0003:20D6:CB17.000F: item fetching failed at offset 5/7
[  164.793210][  T970] hid-udraw 0003:20D6:CB17.000F: parse failed
[  164.824568][  T970] hid-udraw 0003:20D6:CB17.000F: probe with driver hid-udraw failed with error -22
[  165.063632][ T5894] usb 6-1: USB disconnect, device number 7
[  165.175845][ T5895] aureal 0003:0755:2626.0010: fixing Aureal Cy se W-01RN USB_V3.1 report descriptor.
[  165.227810][ T5895] aureal 0003:0755:2626.0010: unknown main item tag 0x6
[  165.244992][ T5895] aureal 0003:0755:2626.0010: report_id 29495 is invalid
[  165.262629][ T5895] aureal 0003:0755:2626.0010: item 0 2 1 8 parsing failed
[  165.275098][ T5895] aureal 0003:0755:2626.0010: probe with driver aureal failed with error -22
[  165.440189][ T5890] usb 5-1: USB disconnect, device number 7
[  165.595762][ T7305] loop0: detected capacity change from 0 to 32768
[  166.371368][ T7307] loop1: detected capacity change from 0 to 32768
[  166.428855][ T7307] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.532 (7307)
[  166.467762][ T7321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.538'.
[  166.497765][ T7322] loop2: detected capacity change from 0 to 128
[  166.505709][ T7321] nbd: socks must be embedded in a SOCK_ITEM attr
[  166.513713][ T7307] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  166.584236][ T7322] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  166.599511][ T7324] loop0: detected capacity change from 0 to 4096
[  166.619818][ T7307] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm
[  166.628956][ T7307] BTRFS info (device loop1): using free-space-tree
[  166.658783][ T7324] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  166.704788][ T7322] ext4 filesystem being mounted at /92/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  166.766566][ T7324] ntfs3(loop0): Failed to load $Extend (-22).
[  166.787013][ T7324] ntfs3(loop0): Failed to initialize $Extend.
[  166.962652][ T5829] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  167.082933][ T5837] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  167.197799][ T7323] Process accounting resumed
[  167.332411][ T7345] loop4: detected capacity change from 0 to 4096
[  167.667411][ T7345] ntfs3(loop4): failed to convert "0080" to maccyrillic
[  167.729113][ T7345] ntfs3(loop4): failed to convert name for inode 1e.
[  167.981650][ T7360] loop1: detected capacity change from 0 to 512
[  168.045091][ T7360] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  168.186563][ T7360] EXT4-fs (loop1): 1 truncate cleaned up
[  168.215457][ T7360] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.392958][ T7368] netlink: 16 bytes leftover after parsing attributes in process `syz.3.550'.
[  168.600671][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.744128][ T5895] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  168.826041][ T7378] capability: warning: `syz.2.554' uses 32-bit capabilities (legacy support in use)
[  168.932294][ T7350] loop5: detected capacity change from 0 to 32768
[  168.955149][ T5895] usb 1-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[  168.994169][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.002361][ T5895] usb 1-1: Product: syz
[  169.007981][ T5895] usb 1-1: Manufacturer: syz
[  169.012647][ T5895] usb 1-1: SerialNumber: syz
[  169.015259][ T7350] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  169.021463][ T5895] usb 1-1: config 0 descriptor??
[  169.034203][   T46] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  169.040987][ T5895] usb 1-1: interface 1 not found
[  169.118229][ T7381] loop4: detected capacity change from 0 to 4096
[  169.203170][ T7350] XFS (loop5): Ending clean mount
[  169.204880][   T46] usb 4-1: Using ep0 maxpacket: 16
[  169.211904][   T46] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  169.211961][   T46] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  169.212015][   T46] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  169.212061][   T46] usb 4-1: config 0 interface 0 has no altsetting 0
[  169.224161][   T46] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  169.224217][   T46] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.224259][   T46] usb 4-1: Product: syz
[  169.224290][   T46] usb 4-1: Manufacturer: syz
[  169.224322][   T46] usb 4-1: SerialNumber: syz
[  169.261154][   T46] usb 4-1: config 0 descriptor??
[  169.314806][ T5895] usb 1-1: USB disconnect, device number 6
[  169.503807][   T46] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input13
[  169.509314][ T5183] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  169.554160][ T5183] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  169.565157][ T5183] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  169.570394][ T5183] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  169.608382][ T5826] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  169.727141][ T7375] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  169.761580][  T968] usb 4-1: USB disconnect, device number 13
[  170.143525][ T7403] loop2: detected capacity change from 0 to 256
[  170.223437][ T7403] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  170.345581][ T7407] loop1: detected capacity change from 0 to 64
[  171.052419][ T7430] loop2: detected capacity change from 0 to 1024
[  171.084664][ T7430] EXT4-fs: Ignoring removed nomblk_io_submit option
[  171.193205][ T7430] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.325711][ T7430] EXT4-fs error (device loop2): __ext4_new_inode:1070: comm syz.2.574: reserved inode found cleared - inode=18
[  171.377853][ T7442] loop1: detected capacity change from 0 to 512
[  171.415577][ T7444] loop3: detected capacity change from 0 to 64
[  171.503940][ T7442] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  171.583137][ T7442] EXT4-fs error (device loop1): ext4_clear_blocks:874: inode #13: comm syz.1.577: attempt to clear invalid blocks 2 len 1
[  171.628383][ T7442] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  171.636752][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.694710][ T7442] EXT4-fs error (device loop1): ext4_free_branches:1020: inode #13: comm syz.1.577: invalid indirect mapped block 1819239214 (level 0)
[  171.758194][ T7442] EXT4-fs error (device loop1): ext4_free_branches:1020: inode #13: comm syz.1.577: invalid indirect mapped block 1819239214 (level 1)
[  171.846061][ T7442] EXT4-fs (loop1): 1 truncate cleaned up
[  171.859006][ T7442] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  172.025848][ T7442] EXT4-fs (loop1): Quota file not on filesystem root. Journaled quota will not work
[  172.216020][ T7461] loop3: detected capacity change from 0 to 4096
[  172.218955][ T7456] loop5: detected capacity change from 0 to 4096
[  172.249239][ T7456] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512).
[  172.271821][ T5837] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.314205][ T7465] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  172.387363][ T7456] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  172.840041][ T7474] netlink: 'syz.0.592': attribute type 10 has an invalid length.
[  172.935495][ T7474] 8021q: adding VLAN 0 to HW filter on device batadv0
[  172.977122][ T7474] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  173.124513][ T7478] loop2: detected capacity change from 0 to 4096
[  173.202639][ T7478] NILFS (loop2): invalid segment: Checksum error in segment payload
[  173.254176][ T7478] NILFS (loop2): trying rollback from an earlier position
[  173.344509][ T7478] NILFS (loop2): recovery complete
[  173.372789][ T7491] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  173.462753][ T7493] loop0: detected capacity change from 0 to 16
[  173.484735][ T7493] erofs (device loop0): mounted with root inode @ nid 36.
[  173.641013][ T7495] loop4: detected capacity change from 0 to 256
[  173.870426][ T7501] netlink: 8 bytes leftover after parsing attributes in process `syz.0.603'.
[  174.386752][ T7517] syz.0.612 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  174.524329][ T5895] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  174.723106][ T5895] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  174.777758][ T5895] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  174.835026][ T5895] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  174.885057][ T5895] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  174.945914][ T5895] usb 6-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  174.984267][ T5895] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.024562][ T5895] usb 6-1: Product: syz
[  175.030059][ T5895] usb 6-1: Manufacturer: syz
[  175.046477][ T5895] usb 6-1: SerialNumber: syz
[  175.067971][ T5895] usb 6-1: config 0 descriptor??
[  175.083264][ T5895] redrat3 6-1:0.0: Couldn't find all endpoints
[  175.113205][ T7532] loop0: detected capacity change from 0 to 256
[  175.344859][  T970] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  175.400330][ T5895] usb 6-1: USB disconnect, device number 8
[  175.483948][ T7514] loop1: detected capacity change from 0 to 32768
[  175.560027][  T970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.581719][ T7514] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  175.591650][  T970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  175.647966][  T970] usb 4-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  175.669877][  T970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.694967][  T970] usb 4-1: config 0 descriptor??
[  175.897032][ T7514] XFS (loop1): Ending clean mount
[  175.909717][ T7514] XFS (loop1): Quotacheck needed: Please wait.
[  175.932899][ T5895] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  176.051630][ T7514] XFS (loop1): Quotacheck: Done.
[  176.130430][  T970] steelseries 0003:1038:12B6.0011: item fetching failed at offset 5/7
[  176.144052][ T5895] usb 6-1: Using ep0 maxpacket: 16
[  176.158645][ T5895] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  176.169677][  T970] steelseries 0003:1038:12B6.0011: probe with driver steelseries failed with error -22
[  176.184147][ T5895] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  176.214231][ T5895] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  176.223585][ T7529] loop2: detected capacity change from 0 to 32768
[  176.243636][ T5895] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  176.284147][ T5895] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  176.295519][ T7529] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.618 (7529)
[  176.316738][ T5895] usb 6-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  176.346683][ T5895] usb 6-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  176.369881][ T5894] usb 4-1: USB disconnect, device number 14
[  176.394131][ T7529] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  176.398490][ T5895] usb 6-1: Product: syz
[  176.432086][ T5895] usb 6-1: Manufacturer: syz
[  176.437221][ T7529] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm
[  176.464281][ T5895] usb 6-1: SerialNumber: syz
[  176.469162][ T7529] BTRFS info (device loop2): using free-space-tree
[  176.473743][ T5837] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  176.492390][ T5895] usb 6-1: config 0 descriptor??
[  176.519049][ T5895] usb 6-1: NFC: intf ffff8880222f1000 id ffffffff8f108600
[  176.570741][ T7537] loop0: detected capacity change from 0 to 32768
[  176.636035][ T7529] BTRFS info (device loop2): rebuilding free space tree
[  176.677572][ T5895] nfcmrvl 6-1:0.0: NFC: registered with nci successfully
[  176.785102][ T5895] usb 6-1: USB disconnect, device number 9
[  176.792358][ T5895] usb 6-1: NFC: intf ffff8880222f1000
[  176.853823][ T7537] ERROR: (device loop0): dbAlloc: the hint is outside the map
[  176.853823][ T7537] 
[  176.914651][ T7537] ERROR: (device loop0): remounting filesystem as read-only
[  176.945974][ T7537] ialloc: diAlloc returned -5!
[  177.281680][ T5829] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  177.654602][ T7589] x_tables: ip_tables: bpf.1 match: invalid size 528 (kernel) != (user) 544
[  177.896314][ T7595] Invalid source name
[  178.034496][   T46] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  178.237984][   T46] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  178.259486][   T46] usb 5-1: config 0 has no interface number 0
[  178.282415][   T46] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  178.328285][   T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.347424][   T46] usb 5-1: Product: syz
[  178.351679][   T46] usb 5-1: Manufacturer: syz
[  178.400680][   T46] usb 5-1: SerialNumber: syz
[  178.428519][   T46] usb 5-1: config 0 descriptor??
[  178.487836][   T29] audit: type=1326 audit(1737318320.404:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.5.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  178.517850][ T7613] tipc: Failed to obtain node identity
[  178.544260][ T7613] tipc: Enabling of bearer <ib:caif0> rejected, failed to enable media
[  178.582758][   T29] audit: type=1326 audit(1737318320.414:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.5.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  178.604987][    C0] vkms_vblank_simulate: vblank timer overrun
[  178.651820][   T46] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  178.699934][   T29] audit: type=1326 audit(1737318320.424:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.5.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  178.722127][    C0] vkms_vblank_simulate: vblank timer overrun
[  178.744351][   T46] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  178.819791][   T46] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  178.859225][   T46] usb 5-1: media controller created
[  178.861933][   T29] audit: type=1326 audit(1737318320.424:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.5.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  178.872986][ T7617] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  178.944318][   T29] audit: type=1326 audit(1737318320.424:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.5.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  178.968140][   T46] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  178.992425][ T7617] batman_adv: batadv0: Adding interface: gretap1
[  179.014812][ T7617] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  179.044744][   T29] audit: type=1326 audit(1737318320.424:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.5.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  179.063541][ T7617] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active
[  179.091355][   T46] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  179.112327][   T29] audit: type=1326 audit(1737318320.424:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.5.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  179.151218][ T7622] veth0_to_team: entered promiscuous mode
[  179.174147][ T7622] veth0_to_team: entered allmulticast mode
[  179.191262][   T29] audit: type=1326 audit(1737318320.424:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7610 comm="syz.5.645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  179.201046][   T46] usb 5-1: USB disconnect, device number 8
[  179.314202][   T29] audit: type=1326 audit(1737318321.054:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7623 comm="syz.2.651" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f034dd85d29 code=0x0
[  179.362211][ T7621] loop1: detected capacity change from 0 to 4096
[  179.520984][ T7621] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  179.615270][ T7605] loop3: detected capacity change from 0 to 32768
[  179.648380][ T7621] ntfs3(loop1): ino=1f, "file2" ntfs_rename
[  179.648842][ T7605] btrfs: Deprecated parameter 'usebackuproot'
[  179.663386][ T7629] loop0: detected capacity change from 0 to 512
[  179.699660][ T7629] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  179.702353][ T7605] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  179.782776][ T7629] EXT4-fs (loop0): invalid journal inode
[  179.789271][ T7605] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.642 (7605)
[  179.811187][ T7629] EXT4-fs (loop0): can't get journal size
[  179.859547][ T7605] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  179.905270][ T7629] EXT4-fs (loop0): 1 truncate cleaned up
[  179.912347][ T7629] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.934211][ T7605] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm
[  179.943939][ T7605] BTRFS info (device loop3): using free-space-tree
[  180.224722][ T7605] BTRFS info (device loop3): rebuilding free space tree
[  180.296110][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.305681][ T5890] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  180.414138][   T46] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  180.486358][ T5890] usb 5-1: too many endpoints for config 1 interface 0 altsetting 6: 255, using maximum allowed: 30
[  180.524064][ T5890] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  180.553393][ T5890] usb 5-1: config 1 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  180.564626][ T7657] loop0: detected capacity change from 0 to 1024
[  180.580299][ T5832] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  180.594251][ T5890] usb 5-1: config 1 interface 0 has no altsetting 0
[  180.615997][   T46] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  180.644144][   T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.664580][ T5890] usb 5-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40
[  180.681839][   T46] usb 2-1: Product: syz
[  180.686473][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.696289][   T46] usb 2-1: Manufacturer: syz
[  180.704122][ T5890] usb 5-1: Product: syz
[  180.711432][   T46] usb 2-1: SerialNumber: syz
[  180.725049][ T5890] usb 5-1: Manufacturer: syz
[  180.729732][ T5890] usb 5-1: SerialNumber: syz
[  180.759780][   T46] usb 2-1: config 0 descriptor??
[  180.807324][ T7636] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  180.916278][   T52] hfsplus: b-tree write err: -5, ino 4
[  180.998575][ T7633] loop5: detected capacity change from 0 to 32768
[  181.112449][ T5895] usb 2-1: USB disconnect, device number 9
[  181.131824][ T5890] usbhid 5-1:1.0: can't add hid device: -71
[  181.148632][ T5890] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  181.196481][ T7633] JBD2: Ignoring recovery information on journal
[  181.228507][ T5890] usb 5-1: USB disconnect, device number 9
[  181.313515][ T7633] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  181.675653][ T7653] loop2: detected capacity change from 0 to 32768
[  181.723436][ T5826] ocfs2: Unmounting device (7,5) on (node local)
[  181.739844][ T7667] loop3: detected capacity change from 0 to 2048
[  181.831319][ T7667] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  181.833620][ T7653] read_mapping_page failed!
[  181.868214][ T7667] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.879753][ T7653] ERROR: (device loop2): txAbort: 
[  181.879753][ T7653] 
[  181.904037][ T7653] ERROR: (device loop2): remounting filesystem as read-only
[  181.994104][   T29] audit: type=1800 audit(1737318323.904:35): pid=7667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.662" name="file1" dev="loop3" ino=15 res=0 errno=0
[  182.225422][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.820123][ T7690] loop5: detected capacity change from 0 to 1024
[  182.922035][ T7693] loop2: detected capacity change from 0 to 1764
[  183.055548][ T7693] iso9660: Corrupted directory entry in block 2 of inode 1920
[  183.725428][ T7682] loop3: detected capacity change from 0 to 32768
[  183.758324][ T7682] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.668 (7682)
[  183.843472][ T7682] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  183.878789][ T7682] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  183.916476][ T7682] BTRFS info (device loop3): using free-space-tree
[  183.983094][ T7713] loop4: detected capacity change from 0 to 2048
[  183.983094][ T7710] loop5: detected capacity change from 0 to 4096
[  184.029706][ T7683] loop0: detected capacity change from 0 to 40427
[  184.044686][ T7710] NILFS (loop5): invalid segment: Checksum error in segment payload
[  184.046391][ T7683] F2FS-fs (loop0): invalid crc value
[  184.052726][ T7710] NILFS (loop5): trying rollback from an earlier position
[  184.115864][ T7683] F2FS-fs (loop0): Found nat_bits in checkpoint
[  184.123057][ T7713] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.207552][ T7710] NILFS (loop5): recovery complete
[  184.224603][ T7737] netlink: 188 bytes leftover after parsing attributes in process `syz.2.683'.
[  184.233664][ T7737] netlink: 'syz.2.683': attribute type 1 has an invalid length.
[  184.269613][ T7738] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  184.430448][ T7683] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  184.537432][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.618259][ T7742] loop1: detected capacity change from 0 to 1024
[  184.624976][ T5832] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  184.687748][ T7744] loop2: detected capacity change from 0 to 8
[  184.725259][ T7744] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  184.824308][ T7744] cramfs: Error -3 while decompressing!
[  184.830599][ T7744] cramfs: ffffffff9a921b18(16)->ffff88804ee09000(4096)
[  184.865468][ T7744] cramfs: Error -3 while decompressing!
[  184.888932][ T7744] cramfs: ffffffff9a921b18(16)->ffff88804ee09000(4096)
[  184.962127][   T29] audit: type=1800 audit(1737318326.864:36): pid=7744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.686" name="file0" dev="loop2" ino=244 res=0 errno=0
[  185.105890][ T5916] hfsplus: b-tree write err: -5, ino 4
[  185.847678][ T7766] loop4: detected capacity change from 0 to 512
[  185.885074][ T7766] EXT4-fs: Ignoring removed mblk_io_submit option
[  186.008009][ T7766] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.124281][ T7766] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.241317][ T7772] [U] ¿ª¬K#¸›LÊÉ„µ˜R
[  186.274800][ T7771] [U] U       
[  186.322310][ T7748] loop5: detected capacity change from 0 to 40427
[  186.364094][ T7748] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x1fffff
[  186.404068][ T7748] F2FS-fs (loop5): Image doesn't support compression
[  186.411023][ T7748] F2FS-fs (loop5): Image doesn't support compression
[  186.431800][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.446876][   T35] Quota error (device loop4): remove_tree: Cycle in quota tree detected: block 5 index 0
[  186.484408][ T7748] F2FS-fs (loop5): invalid crc value
[  186.509947][   T35] EXT4-fs error (device loop4): ext4_release_dquot:6959: comm kworker/u8:2: Failed to release dquot type 0
[  186.554623][ T7748] F2FS-fs (loop5): Found nat_bits in checkpoint
[  186.560963][ T7777] loop2: detected capacity change from 0 to 512
[  186.612280][ T7777] EXT4-fs: Ignoring removed nomblk_io_submit option
[  186.661795][ T7777] EXT4-fs: Ignoring removed mblk_io_submit option
[  186.755623][ T7777] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  186.763755][ T7777] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  186.783921][ T7781] loop1: detected capacity change from 0 to 4096
[  186.820534][ T7781] NILFS (loop1): invalid segment: Checksum error in segment payload
[  186.909609][ T7748] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  186.935424][ T7777] EXT4-fs (loop2): 1 truncate cleaned up
[  186.941350][ T7781] NILFS (loop1): trying rollback from an earlier position
[  186.945781][ T7777] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  187.030237][ T7781] NILFS (loop1): recovery complete
[  187.056456][ T7785] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  187.134468][ T7775] f2fs_ckpt-7:5: attempt to access beyond end of device
[  187.134468][ T7775] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  187.182274][ T7775] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  187.217409][ T7777] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  187.296661][ T7758] loop3: detected capacity change from 0 to 32768
[  187.341839][ T7790] loop4: detected capacity change from 0 to 128
[  187.387345][ T7790] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  187.398692][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.406029][ T7774] loop0: detected capacity change from 0 to 32768
[  187.419310][ T7758] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  187.434304][ T7774] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.699 (7774)
[  187.507065][ T7774] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  187.554687][ T7790] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  187.614353][ T7774] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  187.675463][ T7774] BTRFS info (device loop0): using free-space-tree
[  187.698423][   T29] audit: type=1800 audit(1737318329.614:37): pid=7790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.704" name="bus" dev="loop4" ino=125 res=0 errno=0
[  187.954435][ T7758] XFS (loop3): Ending clean mount
[  188.289223][ T5832] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  188.510258][ T5828] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  188.538612][   T29] audit: type=1326 audit(1737318330.454:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7829 comm="syz.1.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7391d85d29 code=0x7ffc0000
[  188.664700][   T29] audit: type=1326 audit(1737318330.454:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7829 comm="syz.1.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7391d85d29 code=0x7ffc0000
[  188.771953][   T29] audit: type=1326 audit(1737318330.514:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7829 comm="syz.1.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f7391d85d29 code=0x7ffc0000
[  188.859630][ T7835] loop1: detected capacity change from 0 to 64
[  188.875421][   T29] audit: type=1326 audit(1737318330.514:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7829 comm="syz.1.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7391d85d29 code=0x7ffc0000
[  188.923413][ T7835] Trying to free block not in datazone
[  188.948086][   T29] audit: type=1326 audit(1737318330.514:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7829 comm="syz.1.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7391d85d29 code=0x7ffc0000
[  188.992953][ T7835] Trying to free block not in datazone
[  189.044486][ T7835] Trying to free block not in datazone
[  189.051665][ T7838] Trying to free block not in datazone
[  189.052340][   T29] audit: type=1326 audit(1737318330.514:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7829 comm="syz.1.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7f7391d85d29 code=0x7ffc0000
[  189.144253][ T5894] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  189.152675][ T7835] Trying to free block not in datazone
[  189.161773][   T29] audit: type=1326 audit(1737318330.514:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7829 comm="syz.1.715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7391d85d29 code=0x7ffc0000
[  189.334206][ T5894] usb 5-1: Using ep0 maxpacket: 16
[  189.351864][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.398132][ T7844] futex_wake_op: syz.3.719 tries to shift op by -1; fix this program
[  189.410897][ T5894] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.474028][ T5894] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  189.514220][ T5894] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00
[  189.550796][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.584905][ T5894] usb 5-1: config 0 descriptor??
[  190.023188][ T5894] hid (null): invalid report_size 1675959386
[  190.056287][ T5894] shield 0003:0955:7214.0012: invalid report_size 1675959386
[  190.114024][ T5894] shield 0003:0955:7214.0012: item 0 4 1 7 parsing failed
[  190.121777][ T5894] shield 0003:0955:7214.0012: Parse failed
[  190.150745][ T7860] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  190.160117][ T7860] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  190.179319][ T5894] shield 0003:0955:7214.0012: probe with driver shield failed with error -22
[  190.252816][ T5894] usb 5-1: USB disconnect, device number 10
[  190.382254][ T7856] loop1: detected capacity change from 0 to 4096
[  190.430822][ T7856] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  190.610888][ T7856] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  190.765331][ T7868] loop0: detected capacity change from 0 to 1024
[  190.789638][ T7842] loop5: detected capacity change from 0 to 32768
[  190.894374][ T7868] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.983948][ T7842] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  191.259695][ T7868] EXT4-fs: Ignoring removed oldalloc option
[  191.268213][ T7868] EXT4-fs: Cannot change journaled quota options when quota turned on
[  191.350327][ T5826] ocfs2: Unmounting device (7,5) on (node local)
[  191.475123][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.554176][ T5894] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  191.583888][ T7885] loop4: detected capacity change from 0 to 256
[  191.632854][ T7885] exfat: Deprecated parameter 'namecase'
[  191.679192][ T7887] loop0: detected capacity change from 0 to 256
[  191.697620][ T7885] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  191.738449][ T5894] usb 3-1: too many endpoints for config 1 interface 0 altsetting 6: 255, using maximum allowed: 30
[  191.784306][ T5894] usb 3-1: config 1 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  191.833118][ T5894] usb 3-1: config 1 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  191.873166][ T5894] usb 3-1: config 1 interface 0 has no altsetting 0
[  191.898008][ T5894] usb 3-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40
[  191.934611][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.953092][ T5894] usb 3-1: Product: syz
[  191.969148][ T5894] usb 3-1: Manufacturer: syz
[  192.022438][ T5894] usb 3-1: SerialNumber: syz
[  192.084332][ T7883] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  192.353155][ T5894] usbhid 3-1:1.0: can't add hid device: -71
[  192.365266][ T5894] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  192.445224][ T5894] usb 3-1: USB disconnect, device number 6
[  192.459834][ T7898] loop4: detected capacity change from 0 to 2048
[  192.536567][ T7881] loop1: detected capacity change from 0 to 32768
[  192.592632][ T7903] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  192.607958][ T7881] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.732 (7881)
[  192.670944][ T7881] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  192.735555][ T7881] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  192.769409][ T7881] BTRFS info (device loop1): using free-space-tree
[  193.104677][   T46] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  193.305357][   T46] usb 1-1: not running at top speed; connect to a high speed hub
[  193.331584][   T46] usb 1-1: config 95 has an invalid interface number: 1 but max is 0
[  193.344086][   T46] usb 1-1: config 95 has no interface number 0
[  193.351810][ T5837] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  193.373242][   T46] usb 1-1: config 95 interface 1 has no altsetting 0
[  193.421201][   T46] usb 1-1: string descriptor 0 read error: -22
[  193.453153][   T46] usb 1-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79
[  193.476709][   T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.151337][ T5895] usb 1-1: USB disconnect, device number 7
[  194.509295][ T7905] loop5: detected capacity change from 0 to 32768
[  194.550367][ T7938] loop4: detected capacity change from 0 to 256
[  194.567485][ T7905] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.745 (7905)
[  194.678227][ T7938] FAT-fs (loop4): Directory bread(block 64) failed
[  194.695740][ T7905] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  194.725013][ T7938] FAT-fs (loop4): Directory bread(block 65) failed
[  194.738844][ T7905] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm
[  194.754762][ T7938] FAT-fs (loop4): Directory bread(block 66) failed
[  194.782411][ T7938] FAT-fs (loop4): Directory bread(block 67) failed
[  194.789705][ T7905] BTRFS info (device loop5): using free-space-tree
[  194.820405][ T7929] loop2: detected capacity change from 0 to 32768
[  194.832131][ T7941] loop1: detected capacity change from 0 to 256
[  194.832798][ T7938] FAT-fs (loop4): Directory bread(block 68) failed
[  194.867087][ T7938] FAT-fs (loop4): Directory bread(block 69) failed
[  194.873786][ T7938] FAT-fs (loop4): Directory bread(block 70) failed
[  194.918792][ T7938] FAT-fs (loop4): Directory bread(block 71) failed
[  194.924184][ T7941] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d)
[  194.938318][ T7938] FAT-fs (loop4): Directory bread(block 72) failed
[  194.955227][ T7929] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  195.014186][ T7938] FAT-fs (loop4): Directory bread(block 73) failed
[  195.299303][ T5829] ocfs2: Unmounting device (7,2) on (node local)
[  195.343266][ T7931] loop3: detected capacity change from 0 to 32768
[  195.376947][ T5826] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  195.706049][  T970] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  195.904156][  T970] usb 1-1: Using ep0 maxpacket: 8
[  195.968522][  T970] usb 1-1: unable to get BOS descriptor or descriptor too short
[  196.005492][  T970] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  196.109392][  T970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  196.234079][  T970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  196.260835][ T7965] loop1: detected capacity change from 0 to 32768
[  196.289376][  T970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  196.316128][ T7965] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  196.325093][ T7965] gfs2: fsid=syz:syz: Now mounting FS (format 1802)...
[  196.363776][  T970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  196.403314][ T7973] loop5: detected capacity change from 0 to 512
[  196.415384][ T7965] gfs2: fsid=syz:syz.0: can't read journal index: -116
[  196.424384][  T970] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 0
[  196.468969][ T7973] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  196.489897][ T7973] EXT4-fs (loop5): invalid journal inode
[  196.503232][ T7973] EXT4-fs (loop5): can't get journal size
[  196.520781][  T970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  196.584766][ T7973] EXT4-fs (loop5): 1 truncate cleaned up
[  196.591766][ T7973] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.621495][  T970] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x21, changing to 0x1
[  196.704191][  T970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  196.770562][  T970] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  196.800802][  T970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.833062][  T970] usb 1-1: Product: syz
[  196.854154][  T970] usb 1-1: Manufacturer: syz
[  196.864701][  T970] usb 1-1: SerialNumber: syz
[  196.915415][  T970] usb 1-1: config 0 descriptor??
[  196.922455][ T5826] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.953847][ T7981] loop3: detected capacity change from 0 to 128
[  196.968575][  T970] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  197.088945][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  197.088977][   T29] audit: type=1800 audit(1737318338.994:47): pid=7981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.761" name="file1" dev="loop3" ino=1048710 res=0 errno=0
[  197.124823][ T7981] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 548, start 00000401)
[  197.198290][ T7981] FAT-fs (loop3): Filesystem has been set read-only
[  197.274467][  T970] usb 1-1: USB disconnect, device number 8
[  197.294121][   T29] audit: type=1326 audit(1737318339.204:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  197.403433][   T29] audit: type=1326 audit(1737318339.214:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  197.500703][ T7989] loop5: detected capacity change from 0 to 2048
[  197.527908][ T6000] udevd[6000]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  197.546582][   T29] audit: type=1326 audit(1737318339.214:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fabd4b85d63 code=0x7ffc0000
[  197.602326][ T7994] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  197.685789][   T29] audit: type=1326 audit(1737318339.284:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fabd4b847df code=0x7ffc0000
[  197.764860][ T7989] NILFS (loop5): error -2 truncating bmap (ino=16)
[  197.790457][   T29] audit: type=1326 audit(1737318339.364:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fabd4b85db7 code=0x7ffc0000
[  197.871069][   T29] audit: type=1326 audit(1737318339.414:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fabd4b84690 code=0x7ffc0000
[  197.964122][   T29] audit: type=1326 audit(1737318339.414:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fabd4b8592b code=0x7ffc0000
[  198.087219][ T7994] NILFS (loop5): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3)
[  198.093831][   T29] audit: type=1326 audit(1737318339.464:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fabd4b8498a code=0x7ffc0000
[  198.114043][ T7994] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=16)
[  198.173585][   T29] audit: type=1326 audit(1737318339.464:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7988 comm="syz.5.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fabd4b8498a code=0x7ffc0000
[  198.239453][ T7994] Remounting filesystem read-only
[  198.277006][ T5826] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  198.318072][ T8010] loop0: detected capacity change from 0 to 256
[  198.336095][  T970] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  198.432566][ T8010] FAT-fs (loop0): Directory bread(block 64) failed
[  198.459948][ T8010] FAT-fs (loop0): Directory bread(block 65) failed
[  198.494203][ T8010] FAT-fs (loop0): Directory bread(block 66) failed
[  198.521352][ T8010] FAT-fs (loop0): Directory bread(block 67) failed
[  198.532016][  T970] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  198.561279][ T8010] FAT-fs (loop0): Directory bread(block 68) failed
[  198.568096][  T970] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  198.594546][ T8010] FAT-fs (loop0): Directory bread(block 69) failed
[  198.596814][ T8014] loop5: detected capacity change from 0 to 2048
[  198.601283][ T8010] FAT-fs (loop0): Directory bread(block 70) failed
[  198.625427][  T970] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  198.656947][ T8014] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  198.673097][  T970] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  198.674945][ T8014] UDF-fs: Scanning with blocksize 512 failed
[  198.711713][ T8010] FAT-fs (loop0): Directory bread(block 71) failed
[  198.749986][  T970] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  198.772247][ T8010] FAT-fs (loop0): Directory bread(block 72) failed
[  198.776443][ T8014] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  198.792486][  T970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.809535][ T8010] FAT-fs (loop0): Directory bread(block 73) failed
[  198.818066][  T970] usb 3-1: Product: syz
[  198.822308][  T970] usb 3-1: Manufacturer: syz
[  198.858164][  T970] usb 3-1: SerialNumber: syz
[  198.880538][  T970] usb 3-1: config 0 descriptor??
[  198.916739][  T970] redrat3 3-1:0.0: Couldn't find all endpoints
[  199.036516][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  199.036717][   T46] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  199.043216][ T1287] ieee802154 phy1 wpan1: encryption failed: -22
[  199.130646][ T8020] netlink: 40 bytes leftover after parsing attributes in process `syz.4.783'.
[  199.209782][  T968] usb 3-1: USB disconnect, device number 7
[  199.254090][   T46] usb 2-1: Using ep0 maxpacket: 32
[  199.273051][   T46] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  199.302296][   T46] usb 2-1: config 0 has no interface number 0
[  199.328140][ T8023] loop5: detected capacity change from 0 to 256
[  199.350128][ T8023] exfat: Deprecated parameter 'namecase'
[  199.358881][   T46] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  199.378142][   T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.391827][   T46] usb 2-1: Product: syz
[  199.397450][   T46] usb 2-1: Manufacturer: syz
[  199.402682][ T8023] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  199.409544][   T46] usb 2-1: SerialNumber: syz
[  199.435843][   T46] usb 2-1: config 0 descriptor??
[  199.457731][   T46] smsc95xx v2.0.0
[  199.493788][ T8023] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d)
[  199.594461][ T5890] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  199.620027][ T8002] loop3: detected capacity change from 0 to 40427
[  199.647569][ T8002] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  199.671580][ T8028] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  199.674654][ T8002] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  199.754468][  T968] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  199.776227][ T8002] F2FS-fs (loop3): invalid crc value
[  199.798028][ T5890] usb 1-1: unable to get BOS descriptor or descriptor too short
[  199.809795][ T5890] usb 1-1: not running at top speed; connect to a high speed hub
[  199.822810][ T5890] usb 1-1: config 3 has an invalid interface number: 246 but max is 0
[  199.832339][ T5890] usb 1-1: config 3 has no interface number 0
[  199.841226][ T8002] F2FS-fs (loop3): Found nat_bits in checkpoint
[  199.857975][ T5890] usb 1-1: config 3 interface 246 has no altsetting 0
[  199.874925][ T8033] mkiss: ax0: crc mode is auto.
[  199.894840][ T5890] usb 1-1: New USB device found, idVendor=0582, idProduct=0044, bcdDevice=be.c8
[  199.924719][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.932917][ T5890] usb 1-1: Product: syz
[  199.954300][  T968] usb 3-1: Using ep0 maxpacket: 16
[  199.974510][ T5890] usb 1-1: Manufacturer: syz
[  199.979589][ T5890] usb 1-1: SerialNumber: syz
[  199.988191][  T968] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  200.016807][  T968] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  200.045549][  T968] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  200.058852][  T968] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  200.077189][  T968] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  200.093808][   T46] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  200.106356][   T46] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  200.120145][ T8002] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  200.130569][ T8002] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  200.139879][  T968] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  200.150525][  T968] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  200.161624][   T46] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  200.175265][  T968] usb 3-1: Product: syz
[  200.179540][  T968] usb 3-1: Manufacturer: syz
[  200.185281][   T46] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  200.194075][  T968] usb 3-1: SerialNumber: syz
[  200.245236][  T968] usb 3-1: config 0 descriptor??
[  200.264405][   T46] usb 2-1: USB disconnect, device number 10
[  200.276559][  T968] usb 3-1: NFC: intf ffff88807c29c000 id ffffffff8f108600
[  200.344408][ T5890] usb 1-1: USB disconnect, device number 9
[  200.382022][  T968] nfcmrvl 3-1:0.0: NFC: registered with nci successfully
[  200.492744][ T5895] usb 3-1: USB disconnect, device number 8
[  200.510376][ T5895] usb 3-1: NFC: intf ffff88807c29c000
[  200.530782][ T5832] syz-executor: attempt to access beyond end of device
[  200.530782][ T5832] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  200.599694][ T5832] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  201.312921][ T8056] loop4: detected capacity change from 0 to 2048
[  201.418331][ T8056] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  201.455056][ T5895] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  201.463495][ T8059] loop1: detected capacity change from 0 to 2048
[  201.507731][ T8059] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  201.573752][ T8059] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  201.664159][ T5895] usb 1-1: Using ep0 maxpacket: 8
[  201.683456][ T5895] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  201.719162][ T5895] usb 1-1: config 0 has no interface number 0
[  201.739283][ T5895] usb 1-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  201.745203][ T5838] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  201.756068][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.796335][ T5895] usb 1-1: Product: syz
[  201.801005][ T5895] usb 1-1: Manufacturer: syz
[  201.834546][ T5895] usb 1-1: SerialNumber: syz
[  201.866379][ T5895] usb 1-1: config 0 descriptor??
[  201.898624][ T5895] radio-usb-si4713 1-1:0.128: Si4713 development board discovered: (10C4:8244)
[  201.924252][ T5894] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  201.944610][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.999806][ T8048] loop5: detected capacity change from 0 to 32768
[  202.049421][ T8048] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  202.114063][ T5894] usb 3-1: Using ep0 maxpacket: 8
[  202.182484][ T5894] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.222271][ T5894] usb 3-1: config 0 interface 0 has no altsetting 0
[  202.280211][ T5894] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  202.341030][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.386760][ T5894] usb 3-1: config 0 descriptor??
[  202.393682][ T5826] ocfs2: Unmounting device (7,5) on (node local)
[  202.611230][ T8086] loop4: detected capacity change from 0 to 64
[  202.628138][ T5895] radio-usb-si4713 1-1:0.128: probe with driver radio-usb-si4713 failed with error -71
[  202.654665][ T5895] usbhid 1-1:0.128: couldn't find an input interrupt endpoint
[  202.678847][ T5895] usb 1-1: USB disconnect, device number 10
[  202.885639][ T5894] steelseries 0003:1038:12B6.0013: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.2-1/input0
[  202.926940][ T8089] process 'syz.3.809' launched '/dev/fd/3' with NULL argv: empty string added
[  202.967900][ T8087] loop1: detected capacity change from 0 to 8192
[  203.017983][ T8087] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  203.080789][ T5894] steelseries 0003:1038:12B6.0013: hid_hw_raw_request() failed with -71
[  203.165206][ T5894] usb 3-1: USB disconnect, device number 9
[  203.895714][ T8109] loop1: detected capacity change from 0 to 64
[  203.926169][ T8113] netlink: 'syz.5.820': attribute type 11 has an invalid length.
[  204.052980][ T8110] loop0: detected capacity change from 0 to 4096
[  204.141364][ T8111] loop4: detected capacity change from 0 to 4096
[  204.194672][ T8110] NILFS (loop0): invalid segment: Checksum error in segment payload
[  204.233630][ T8110] NILFS (loop0): trying rollback from an earlier position
[  204.307589][ T8110] NILFS (loop0): recovery complete
[  204.774114][ T5894] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  204.870883][ T8131] loop3: detected capacity change from 0 to 1024
[  204.982169][ T8131] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.006073][ T5894] usb 2-1: not running at top speed; connect to a high speed hub
[  205.017946][ T5894] usb 2-1: config 95 has an invalid interface number: 1 but max is 0
[  205.034431][ T5894] usb 2-1: config 95 has no interface number 0
[  205.044139][ T5894] usb 2-1: config 95 interface 1 has no altsetting 0
[  205.054951][ T5894] usb 2-1: string descriptor 0 read error: -22
[  205.064345][ T5894] usb 2-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79
[  205.073606][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.242128][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.275674][ T8146] mmap: syz.2.835 (8146) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  205.611707][ T5890] usb 2-1: USB disconnect, device number 11
[  205.641333][ T8154] netlink: 8 bytes leftover after parsing attributes in process `syz.5.839'.
[  205.691706][ T8151] loop3: detected capacity change from 0 to 2048
[  205.735949][ T8151] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  206.026348][ T8160] loop4: detected capacity change from 0 to 2048
[  206.107970][ T8167] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  206.479615][ T8176] loop1: detected capacity change from 0 to 128
[  207.010829][ T8191] loop4: detected capacity change from 0 to 64
[  207.054735][ T5895] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  207.097363][ T8191] Trying to free block not in datazone
[  207.120132][ T8191] Trying to free block not in datazone
[  207.130252][ T8191] Trying to free block not in datazone
[  207.144020][ T8191] Trying to free block not in datazone
[  207.150078][ T8191] minix_free_block (loop4:6): bit already cleared
[  207.173921][ T8191] Trying to free block not in datazone
[  207.180070][ T8191] Trying to free block not in datazone
[  207.244119][ T5895] usb 1-1: Using ep0 maxpacket: 32
[  207.300718][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 82, changing to 10
[  207.343239][ T5895] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  207.382592][ T5895] usb 1-1: New USB device found, idVendor=058f, idProduct=9410, bcdDevice= 0.00
[  207.400128][ T8197] loop2: detected capacity change from 0 to 512
[  207.428350][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.441728][ T8197] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  207.462463][ T5895] usb 1-1: config 0 descriptor??
[  207.549870][ T8197] EXT4-fs (loop2): 1 truncate cleaned up
[  207.600534][ T8197] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.644242][ T5894] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  207.806527][ T5894] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  207.830804][ T5894] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  207.872381][ T5894] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  207.893860][ T5895] hid (null): invalid report_count 593612431
[  207.922687][ T5894] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  207.937484][ T5895] maltron 0003:058F:9410.0014: invalid report_count 593612431
[  207.964913][ T5895] maltron 0003:058F:9410.0014: item 0 4 1 9 parsing failed
[  207.972915][ T5895] maltron 0003:058F:9410.0014: probe with driver maltron failed with error -22
[  208.018506][ T5894] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  208.028103][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.036247][ T5894] usb 2-1: Product: syz
[  208.040854][ T5894] usb 2-1: Manufacturer: syz
[  208.045866][ T5894] usb 2-1: SerialNumber: syz
[  208.054273][ T5894] usb 2-1: config 0 descriptor??
[  208.066463][ T5894] redrat3 2-1:0.0: Couldn't find all endpoints
[  208.092947][ T8211] netlink: 12 bytes leftover after parsing attributes in process `syz.4.866'.
[  208.133077][ T8211] Zero length message leads to an empty skb
[  208.146722][ T5895] usb 1-1: USB disconnect, device number 11
[  208.197140][ T8213] loop5: detected capacity change from 0 to 256
[  208.197140][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.310083][ T8213] FAT-fs (loop5): Directory bread(block 64) failed
[  208.328272][ T8187] loop3: detected capacity change from 0 to 32768
[  208.354909][ T8213] FAT-fs (loop5): Directory bread(block 65) failed
[  208.361704][ T8213] FAT-fs (loop5): Directory bread(block 66) failed
[  208.383783][ T5890] usb 2-1: USB disconnect, device number 12
[  208.402610][ T8187] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.855 (8187)
[  208.432750][ T8213] FAT-fs (loop5): Directory bread(block 67) failed
[  208.459476][ T8213] FAT-fs (loop5): Directory bread(block 68) failed
[  208.490115][ T8187] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  208.505548][ T8213] FAT-fs (loop5): Directory bread(block 69) failed
[  208.513551][ T8213] FAT-fs (loop5): Directory bread(block 70) failed
[  208.515397][ T8215] loop2: detected capacity change from 0 to 2048
[  208.520524][ T8187] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  208.536740][ T8213] FAT-fs (loop5): Directory bread(block 71) failed
[  208.543487][ T8213] FAT-fs (loop5): Directory bread(block 72) failed
[  208.560586][ T8187] BTRFS info (device loop3): disk space caching is enabled
[  208.588380][ T8215] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  208.608085][ T8213] FAT-fs (loop5): Directory bread(block 73) failed
[  208.624108][ T8187] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  208.777937][ T8187] BTRFS info (device loop3): rebuilding free space tree
[  208.867336][ T8187] BTRFS info (device loop3): disabling free space tree
[  208.894931][ T5890] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  208.904443][ T5829] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  208.916650][ T8187] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  208.964477][ T8187] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  209.004947][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.084141][ T5890] usb 2-1: Using ep0 maxpacket: 16
[  209.100657][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  209.144335][ T5890] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  209.204096][ T5890] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x92, changing to 0x82
[  209.261988][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  209.305548][ T5890] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  209.317724][ T5832] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  209.327250][ T5890] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b
[  209.348589][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3
[  209.385991][ T5890] usb 2-1: Product: syz
[  209.404150][ T5890] usb 2-1: Manufacturer: syz
[  209.430423][ T5890] usb 2-1: SerialNumber: syz
[  209.461697][ T5890] usb 2-1: config 0 descriptor??
[  209.469557][ T5890] usb 2-1: NFC: intf ffff88801fb96000 id ffffffff8f108600
[  209.542941][ T5890] nfcmrvl 2-1:0.0: NFC: registered with nci successfully
[  209.635081][ T5895] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  209.793523][ T5894] usb 2-1: USB disconnect, device number 13
[  209.813221][ T5894] usb 2-1: NFC: intf ffff88801fb96000
[  209.815184][ T8257] futex_wake_op: syz.0.877 tries to shift op by -1; fix this program
[  209.837081][ T5895] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  209.894744][ T5895] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  209.932066][ T5895] usb 3-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00
[  209.994302][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.052326][ T5895] usb 3-1: config 0 descriptor??
[  210.218736][ T8265] loop3: detected capacity change from 0 to 64
[  210.400354][ T8269] tipc: Started in network mode
[  210.414105][ T8269] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  210.454434][ T8269] tipc: Enabled bearer <eth:ipvlan1>, priority 10
[  210.674491][ T5895] nintendo 0003:057E:2009.0015: hidraw0: USB HID v81.01 Device [HID 057e:2009] on usb-dummy_hcd.2-1/input0
[  210.844105][ T5895] nintendo 0003:057E:2009.0015: Failed to get joycon info; ret=-38
[  210.881163][ T5895] nintendo 0003:057E:2009.0015: Failed to retrieve controller info; ret=-38
[  210.926503][ T8278] loop0: detected capacity change from 0 to 512
[  210.929162][ T5895] nintendo 0003:057E:2009.0015: Failed to initialize controller; ret=-38
[  210.933793][ T8278] EXT4-fs: Ignoring removed mblk_io_submit option
[  210.945082][ T8277] PKCS8: Unsupported PKCS#8 version
[  210.987272][ T8278] EXT4-fs: Ignoring removed bh option
[  211.004352][ T8278] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  211.039738][ T5895] nintendo 0003:057E:2009.0015: probe - fail = -38
[  211.076961][ T5895] nintendo 0003:057E:2009.0015: probe with driver nintendo failed with error -38
[  211.115183][ T8278] EXT4-fs (loop0): 1 truncate cleaned up
[  211.121659][ T5895] usb 3-1: USB disconnect, device number 10
[  211.214716][ T8278] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.359341][ T8278] EXT4-fs warning (device loop0): ext4_resize_fs:2019: can't read last block, resize aborted
[  211.397139][ T8287] loop5: detected capacity change from 0 to 64
[  211.598331][ T5895] tipc: Node number set to 10136234
[  211.613237][ T8263] loop4: detected capacity change from 0 to 32768
[  211.651322][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.915401][ T5895] IPVS: starting estimator thread 0...
[  211.915542][ T8263] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=crc64,norecovery,reconstruct_alloc
[  211.995547][ T8263] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[  212.014463][ T8305] IPVS: using max 18 ests per chain, 43200 per kthread
[  212.046652][ T8263] bcachefs (loop4): Version upgrade required:
[  212.046652][ T8263] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  212.046652][ T8263] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[  212.046652][ T8263]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  212.170821][ T8263] bcachefs (loop4): dropping and reconstructing all alloc info
[  212.275017][ T8263] bcachefs (loop4): accounting_read... done
[  212.300478][ T8263] bcachefs (loop4): alloc_read... done
[  212.341031][ T8263] bcachefs (loop4): stripes_read... done
[  212.375361][ T8263] bcachefs (loop4): snapshots_read... done
[  212.381464][ T8263] bcachefs (loop4): check_allocations... done
[  212.538164][ T8263] bcachefs (loop4): going read-write
[  212.584682][ T8263] bcachefs (loop4): done starting filesystem
[  212.747006][ T8329] CUSE: unknown device info "í�SüÑìidOvé­¯P]¿%F“]Mì1˜ŽðàeÄmm÷×/ªSè…pµ0ý_ôÁJ!@4šÞZ2×öˆEkSñt‰±ÄÑ¡«ÇbZàH3"
[  212.793399][ T8329] CUSE: unknown device info ""
[  212.823760][ T8329] CUSE: zero length info key specified
[  212.880809][ T5838] bcachefs (loop4): shutting down
[  212.891768][ T5838] bcachefs (loop4): going read-only
[  212.910680][ T5838] bcachefs (loop4): finished waiting for writes to stop
[  212.978230][ T5838] bcachefs (loop4): flushing journal and stopping allocators, journal seq 11
[  213.322375][ T5838] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 15
[  213.361094][ T5838] bcachefs (loop4): unshutdown complete, journal seq 16
[  213.371179][ T5838] bcachefs (loop4): done going read-only, filesystem not clean
[  213.475762][ T5838] bcachefs (loop4): shutdown complete
[  213.484606][ T8335] loop5: detected capacity change from 0 to 4096
[  213.554069][ T8335] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  213.628013][    T8] hid-generic FFFA:0004:0008.0016: unknown main item tag 0x0
[  213.644092][    T8] hid-generic FFFA:0004:0008.0016: unknown main item tag 0x0
[  213.692207][    T8] hid-generic FFFA:0004:0008.0016: unknown main item tag 0x0
[  213.736244][    T8] hid-generic FFFA:0004:0008.0016: unknown main item tag 0x0
[  213.743745][    T8] hid-generic FFFA:0004:0008.0016: unknown main item tag 0x0
[  213.790335][    T8] hid-generic FFFA:0004:0008.0016: hidraw0: <UNKNOWN> HID v0.05 Device [syz0] on syz0
[  213.842398][ T8321] loop2: detected capacity change from 0 to 40427
[  213.849137][ T8335] ntfs3(loop5): failed to convert "c46c" to macinuit
[  213.907357][ T8321] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1fffff
[  213.953259][ T8321] F2FS-fs (loop2): Image doesn't support compression
[  213.984079][ T8321] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4
[  214.025656][ T8321] F2FS-fs (loop2): invalid crc value
[  214.076850][ T8321] F2FS-fs (loop2): Found nat_bits in checkpoint
[  214.129005][ T8349] loop1: detected capacity change from 0 to 256
[  214.226752][ T8351] gfs2: path_lookup on c::: returned error -2
[  214.380994][ T8355] loop3: detected capacity change from 0 to 2048
[  214.391486][ T8321] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  214.506736][ T8355] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.559380][   T29] kauditd_printk_skb: 10 callbacks suppressed
[  214.559413][   T29] audit: type=1800 audit(1737318356.454:67): pid=8321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.902" name="file1" dev="loop2" ino=10 res=0 errno=0
[  214.614414][ T5890] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  214.651937][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.764383][ T5829] syz-executor: attempt to access beyond end of device
[  214.764383][ T5829] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  214.844714][ T5890] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  214.857003][ T5829] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  214.882924][ T5890] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.904162][ T5890] usb 6-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  214.913331][ T5890] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.947403][ T5890] usb 6-1: config 0 descriptor??
[  215.307952][ T8370] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  215.386724][ T5890] vrc2 0003:07C0:1125.0017: fixing up VRC-2 report descriptor
[  215.412271][ T5890] input: HID 07c0:1125 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:07C0:1125.0017/input/input14
[  215.546928][ T5890] vrc2 0003:07C0:1125.0017: input,hidraw0: USB HID v0.00 Joystick [HID 07c0:1125] on usb-dummy_hcd.5-1/input0
[  215.626551][ T5890] usb 6-1: USB disconnect, device number 10
[  216.483188][ T5842] Bluetooth: hci2: command 0x0406 tx timeout
[  216.483238][ T5843] Bluetooth: hci1: command 0x0406 tx timeout
[  216.491984][ T5846] Bluetooth: hci3: command 0x0406 tx timeout
[  216.496079][ T5830] Bluetooth: hci4: command 0x0406 tx timeout
[  216.505366][ T5842] Bluetooth: hci0: command 0x0406 tx timeout
[  216.764223][   T29] audit: type=1326 audit(1737318358.644:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8380 comm="syz.3.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f038cd85d29 code=0x7fc00000
[  217.205398][ T8409] netlink: 'syz.3.942': attribute type 3 has an invalid length.
[  217.210744][ T8404] loop1: detected capacity change from 0 to 4096
[  217.271523][ T8404] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  217.302403][ T8404] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  217.361894][ T8416] loop5: detected capacity change from 0 to 256
[  217.400140][ T8416] exfat: Deprecated parameter 'namecase'
[  217.424308][ T8416] exfat: Deprecated parameter 'utf8'
[  217.440138][ T8416] exfat: Deprecated parameter 'namecase'
[  217.520714][ T8416] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  217.584301][ T5894] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  217.766211][ T5894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.784087][ T5894] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.812996][ T8421] loop3: detected capacity change from 0 to 4096
[  217.843259][ T5894] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  217.856833][ T8421] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  217.884300][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.918612][ T5894] usb 1-1: config 0 descriptor??
[  218.041751][ T8421] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  218.167534][ T8433] loop4: detected capacity change from 0 to 512
[  218.212034][ T8433] EXT4-fs (loop4): 1 truncate cleaned up
[  218.251299][ T8433] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.389996][ T5894] arvo 0003:1E7D:30D4.0018: unknown main item tag 0x0
[  218.435244][ T5894] arvo 0003:1E7D:30D4.0018: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.0-1/input0
[  218.575207][   T29] audit: type=1326 audit(1737318360.484:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8439 comm="syz.5.956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fabd4b7cce7 code=0x7ffc0000
[  218.605816][ T5894] arvo 0003:1E7D:30D4.0018: couldn't init struct arvo_device
[  218.630772][ T5894] arvo 0003:1E7D:30D4.0018: couldn't install keyboard
[  218.639832][   T29] audit: type=1326 audit(1737318360.484:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8439 comm="syz.5.956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fabd4b21f29 code=0x7ffc0000
[  218.679908][ T5894] arvo 0003:1E7D:30D4.0018: probe with driver arvo failed with error -71
[  218.694202][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.713898][ T5894] usb 1-1: USB disconnect, device number 12
[  218.748006][   T29] audit: type=1326 audit(1737318360.484:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8439 comm="syz.5.956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  218.843867][   T29] audit: type=1326 audit(1737318360.484:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8439 comm="syz.5.956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  218.882969][ T5895] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  219.067531][ T8451] netlink: 28 bytes leftover after parsing attributes in process `syz.3.960'.
[  219.096896][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.114071][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.144107][ T5895] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  219.167578][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.187118][ T5895] usb 3-1: config 0 descriptor??
[  219.517278][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  219.565470][ T8458] loop0: detected capacity change from 0 to 4096
[  219.600023][ T8458] ntfs3(loop0): It is recommened to use chkdsk.
[  219.628052][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  219.637727][ T5895] pyra 0003:1E7D:2CF6.0019: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0
[  219.654222][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  219.682525][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  219.713399][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffc0c00
[  219.737238][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffc1c00
[  219.772988][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffc2c00
[  219.788543][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffc4c00
[  219.796987][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffc8c00
[  219.805551][ T8458] ntfs3(loop0): try to read out of volume at offset 0x3fffffd0c00
[  219.827016][ T5895] pyra 0003:1E7D:2CF6.0019: couldn't init struct pyra_device
[  219.864083][ T5895] pyra 0003:1E7D:2CF6.0019: couldn't install mouse
[  219.892437][ T5895] pyra 0003:1E7D:2CF6.0019: probe with driver pyra failed with error -71
[  219.952383][ T5895] usb 3-1: USB disconnect, device number 11
[  220.618415][ T8479] netlink: 44 bytes leftover after parsing attributes in process `syz.5.975'.
[  220.750753][ T8486] loop0: detected capacity change from 0 to 512
[  220.814592][ T8486] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  220.913485][ T8486] EXT4-fs (loop0): 1 truncate cleaned up
[  220.985431][ T8486] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.091935][ T8486] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.977: corrupted in-inode xattr: overlapping e_value 
[  221.174110][ T8486] EXT4-fs warning (device loop0): ext4_xattr_set_entry:1771: inode #15: comm syz.0.977: unable to update i_inline_off
[  221.204410][ T8486] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.977: corrupted in-inode xattr: overlapping e_value 
[  221.324189][ T5895] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  221.469043][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.509587][ T5895] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea
[  221.530904][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.609283][ T5895] usb 3-1: config 0 descriptor??
[  221.634349][ T5894] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  221.647335][ T5895] usb 3-1: Invalid firmware size=18.
[  221.752164][ T8511] ucma_write: process 347 (syz.0.988) changed security contexts after opening file descriptor, this is not allowed.
[  221.816807][ T5894] usb 4-1: Using ep0 maxpacket: 16
[  221.867964][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  221.879222][ T5893] usb 3-1: USB disconnect, device number 12
[  221.895855][ T5894] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  221.911475][   T29] audit: type=1326 audit(1737318363.824:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm="syz.5.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  221.915446][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.987428][ T5894] usb 4-1: Product: syz
[  222.006326][   T29] audit: type=1326 audit(1737318363.824:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm="syz.5.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  222.024179][ T5894] usb 4-1: Manufacturer: syz
[  222.044790][ T5894] usb 4-1: SerialNumber: syz
[  222.085481][ T5894] usb 4-1: config 0 descriptor??
[  222.103189][   T29] audit: type=1326 audit(1737318363.904:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm="syz.5.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  222.208272][   T29] audit: type=1326 audit(1737318363.904:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  222.290430][   T29] audit: type=1326 audit(1737318363.904:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  222.351666][   T29] audit: type=1326 audit(1737318363.904:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  222.440893][ T5894] usb 4-1: USB disconnect, device number 15
[  222.469606][   T29] audit: type=1326 audit(1737318363.904:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8514 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabd4b85d29 code=0x7ffc0000
[  222.697155][ T8527] loop2: detected capacity change from 0 to 256
[  222.770791][ T8502] loop1: detected capacity change from 0 to 32768
[  222.846345][ T8502] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  223.263105][ T8502] XFS (loop1): Ending clean mount
[  223.314255][ T8502] XFS (loop1): Quotacheck needed: Please wait.
[  223.476333][ T8502] XFS (loop1): Quotacheck: Done.
[  223.551655][ T8553] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  223.808939][ T5837] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  223.965374][ T8563] loop4: detected capacity change from 0 to 1024
[  224.122355][ T8563] hfsplus: bad catalog entry type
[  224.274886][ T8557] loop3: detected capacity change from 0 to 8192
[  224.357396][ T8538] loop0: detected capacity change from 0 to 32768
[  224.376446][ T8557] Dev loop3: RDB in block 1 has bad checksum
[  224.427851][ T8538] XFS: ikeep mount option is deprecated.
[  224.464535][ T5198] Dev loop3: RDB in block 1 has bad checksum
[  224.474334][ T8538] XFS: noikeep mount option is deprecated.
[  224.622630][ T8538] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  224.832174][ T8538] XFS (loop0): Ending clean mount
[  224.874450][   T46] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  224.898116][ T8538] XFS (loop0): Quotacheck needed: Please wait.
[  225.033412][ T8538] XFS (loop0): Quotacheck: Done.
[  225.040956][ T8586] loop2: detected capacity change from 0 to 128
[  225.059329][   T46] usb 5-1: Using ep0 maxpacket: 32
[  225.096070][   T46] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  225.107495][ T8586] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  225.124066][   T46] usb 5-1: config 0 has no interface number 0
[  225.134693][   T46] usb 5-1: config 0 interface 12 has no altsetting 0
[  225.165416][   T46] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  225.192821][   T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.236784][   T46] usb 5-1: Product: syz
[  225.241239][   T46] usb 5-1: Manufacturer: syz
[  225.266468][   T46] usb 5-1: SerialNumber: syz
[  225.286607][   T46] usb 5-1: config 0 descriptor??
[  225.370987][ T5828] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  225.421939][ T8590] Bluetooth: MGMT ver 1.23
[  225.507288][ T8568] loop5: detected capacity change from 0 to 32768
[  225.584257][ T8568] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1013 (8568)
[  225.703662][ T8568] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  225.744183][ T8568] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  225.753189][ T8568] BTRFS info (device loop5): using free-space-tree
[  225.964827][   T46] f81534 5-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  225.979782][ T8595] ==================================================================
[  225.979819][   T46] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[  225.987910][ T8595] BUG: KASAN: slab-use-after-free in hci_sock_get_cookie+0x42/0x50
[  225.988000][ T8595] Read of size 4 at addr ffff888057c0d5b8 by task syz.2.1022/8595
[  225.988034][ T8595] 
[  225.988046][ T8595] CPU: 0 UID: 0 PID: 8595 Comm: syz.2.1022 Not tainted 6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  225.988099][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  225.988125][ T8595] Call Trace:
[  225.988142][ T8595]  <TASK>
[  225.988158][ T8595]  dump_stack_lvl+0x116/0x1f0
[  225.988221][ T8595]  print_report+0xc3/0x620
[  225.988269][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  225.988321][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  225.988378][ T8595]  ? __phys_addr+0xc6/0x150
[  225.988444][ T8595]  kasan_report+0xd9/0x110
[  226.011009][   T46] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  226.011456][ T8595]  ? hci_sock_get_cookie+0x42/0x50
[  226.019414][   T46] f81534 5-1:0.12: probe with driver f81534 failed with error -71
[  226.024446][ T8595]  ? hci_sock_get_cookie+0x42/0x50
[  226.024549][ T8595]  hci_sock_get_cookie+0x42/0x50
[  226.024614][ T8595]  mgmt_cmd_status+0x229/0x520
[  226.024676][ T8595]  cmd_complete_rsp+0x165/0x1e0
[  226.024736][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  226.024797][ T8595]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  226.024859][ T8595]  __mgmt_power_off+0x12a/0x2c0
[  226.024911][ T8595]  ? __pfx___mgmt_power_off+0x10/0x10
[  226.024971][ T8595]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  226.025046][ T8595]  ? lockdep_hardirqs_on+0x7c/0x110
[  226.025107][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  226.025155][ T8595]  ? 0xffffffff81000000
[  226.025187][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  226.025235][ T8595]  hci_dev_close_sync+0xcbb/0x11a0
[  226.025283][ T8595]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  226.025334][ T8595]  hci_dev_do_close+0x2e/0x90
[  226.025405][ T8595]  hci_dev_close+0x183/0x1e0
[  226.025446][ T8595]  hci_sock_ioctl+0x2b5/0x7d0
[  226.183102][ T8595]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  226.188377][ T8595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  226.194405][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  226.200085][ T8595]  sock_do_ioctl+0x119/0x280
[  226.204733][ T8595]  ? __pfx_sock_do_ioctl+0x10/0x10
[  226.209904][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  226.215582][ T8595]  sock_ioctl+0x228/0x6c0
[  226.219973][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  226.224884][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  226.230569][ T8595]  ? __fget_files+0x206/0x3a0
[  226.235315][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  226.240222][ T8595]  __x64_sys_ioctl+0x193/0x200
[  226.245044][ T8595]  do_syscall_64+0xcd/0x250
[  226.249610][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.255569][ T8595] RIP: 0033:0x7f034dd85d29
[  226.260012][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.279670][ T8595] RSP: 002b:00007f034ebe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  226.288129][ T8595] RAX: ffffffffffffffda RBX: 00007f034df75fa0 RCX: 00007f034dd85d29
[  226.296138][ T8595] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  226.304140][ T8595] RBP: 00007f034de01b08 R08: 0000000000000000 R09: 0000000000000000
[  226.312492][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  226.320903][ T8595] R13: 0000000000000000 R14: 00007f034df75fa0 R15: 00007ffc75ec7218
[  226.328935][ T8595]  </TASK>
[  226.331992][ T8595] 
[  226.334338][ T8595] Allocated by task 6867:
[  226.338700][ T8595]  kasan_save_stack+0x33/0x60
[  226.343417][ T8595]  kasan_save_track+0x14/0x30
[  226.348147][ T8595]  __kasan_kmalloc+0xaa/0xb0
[  226.352789][ T8595]  __kmalloc_noprof+0x21c/0x510
[  226.357681][ T8595]  sk_prot_alloc+0x1a8/0x2a0
[  226.362316][ T8595]  sk_alloc+0x36/0xb90
[  226.366414][ T8595]  bt_sock_alloc+0x3b/0x3a0
[  226.370977][ T8595]  hci_sock_create+0xbc/0x1a0
[  226.375703][ T8595]  bt_sock_create+0x185/0x350
[  226.380422][ T8595]  __sock_create+0x338/0x8d0
[  226.385063][ T8595]  __sys_socket+0x14f/0x260
[  226.389621][ T8595]  __x64_sys_socket+0x72/0xb0
[  226.394394][ T8595]  do_syscall_64+0xcd/0x250
[  226.398962][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.404919][ T8595] 
[  226.407261][ T8595] Freed by task 8604:
[  226.411250][ T8595]  kasan_save_stack+0x33/0x60
[  226.415964][ T8595]  kasan_save_track+0x14/0x30
[  226.420671][ T8595]  kasan_save_free_info+0x3b/0x60
[  226.425750][ T8595]  __kasan_slab_free+0x51/0x70
[  226.430549][ T8595]  kfree+0x14f/0x4b0
[  226.434496][ T8595]  __sk_destruct+0x5eb/0x720
[  226.439145][ T8595]  sk_destruct+0xc2/0xf0
[  226.443434][ T8595]  __sk_free+0xf4/0x3e0
[  226.447706][ T8595]  sk_free+0x6a/0x90
[  226.451631][ T8595]  mgmt_pending_free+0xc0/0xf0
[  226.456451][ T8595]  cmd_complete_rsp+0x16d/0x1e0
[  226.461346][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  226.466767][ T8595]  mgmt_index_removed+0x145/0x300
[  226.471862][ T8595]  hci_sock_bind+0xb57/0x14d0
[  226.476592][ T8595]  __sys_bind+0x216/0x260
[  226.481143][ T8595]  __x64_sys_bind+0x72/0xb0
[  226.485700][ T8595]  do_syscall_64+0xcd/0x250
[  226.490270][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.496310][ T8595] 
[  226.498687][ T8595] The buggy address belongs to the object at ffff888057c0d000
[  226.498687][ T8595]  which belongs to the cache kmalloc-2k of size 2048
[  226.512789][ T8595] The buggy address is located 1464 bytes inside of
[  226.512789][ T8595]  freed 2048-byte region [ffff888057c0d000, ffff888057c0d800)
[  226.526812][ T8595] 
[  226.529150][ T8595] The buggy address belongs to the physical page:
[  226.535676][ T8595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888057c0f000 pfn:0x57c08
[  226.545795][ T8595] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  226.554326][ T8595] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  226.562861][ T8595] page_type: f5(slab)
[  226.566875][ T8595] raw: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  226.575492][ T8595] raw: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  226.584201][ T8595] head: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  226.593013][ T8595] head: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  226.601757][ T8595] head: 00fff00000000003 ffffea00015f0201 ffffffffffffffff 0000000000000000
[  226.610468][ T8595] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  226.619419][ T8595] page dumped because: kasan: bad access detected
[  226.625880][ T8595] page_owner tracks the page as allocated
[  226.631605][ T8595] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 99188561302, free_ts 32585661858
[  226.652426][ T8595]  post_alloc_hook+0x2d1/0x350
[  226.657233][ T8595]  get_page_from_freelist+0xfce/0x2f80
[  226.662743][ T8595]  __alloc_pages_noprof+0x223/0x25b0
[  226.668107][ T8595]  alloc_pages_mpol_noprof+0x2c8/0x620
[  226.673628][ T8595]  new_slab+0x2c9/0x410
[  226.677857][ T8595]  ___slab_alloc+0xd7d/0x17a0
[  226.682599][ T8595]  __slab_alloc.constprop.0+0x56/0xb0
[  226.688301][ T8595]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  226.694807][ T8595]  kmalloc_reserve+0xef/0x2c0
[  226.699537][ T8595]  pskb_expand_head+0x243/0x1240
[  226.704532][ T8595]  netlink_trim+0x1ef/0x250
[  226.709093][ T8595]  netlink_broadcast_filtered+0xc7/0xef0
[  226.714794][ T8595]  nlmsg_notify+0x9e/0x220
[  226.719268][ T8595]  rtmsg_ifinfo+0x174/0x1a0
[  226.723803][ T8595]  __dev_notify_flags+0x24e/0x2e0
[  226.728893][ T8595]  dev_change_flags+0x10c/0x160
[  226.733775][ T8595] page last free pid 1 tgid 1 stack trace:
[  226.739609][ T8595]  free_unref_page+0x661/0x1080
[  226.744536][ T8595]  free_contig_range+0x133/0x3f0
[  226.749529][ T8595]  destroy_args+0x802/0xa50
[  226.754189][ T8595]  debug_vm_pgtable+0x168e/0x31a0
[  226.759460][ T8595]  do_one_initcall+0x12b/0x700
[  226.764371][ T8595]  kernel_init_freeable+0x5c7/0x900
[  226.769632][ T8595]  kernel_init+0x1c/0x2b0
[  226.774010][ T8595]  ret_from_fork+0x48/0x80
[  226.778584][ T8595]  ret_from_fork_asm+0x1a/0x30
[  226.783408][ T8595] 
[  226.785749][ T8595] Memory state around the buggy address:
[  226.791395][ T8595]  ffff888057c0d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.799490][ T8595]  ffff888057c0d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.807584][ T8595] >ffff888057c0d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.815841][ T8595]                                         ^
[  226.821751][ T8595]  ffff888057c0d600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.829842][ T8595]  ffff888057c0d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  226.837931][ T8595] ==================================================================
[  226.914262][   T46] usb 5-1: USB disconnect, device number 11
[  226.914763][ T8578] loop1: detected capacity change from 0 to 32768
[  226.994219][ T8595] Disabling lock debugging due to kernel taint
[  227.004229][ T8595] ==================================================================
[  227.012360][ T8595] BUG: KASAN: slab-use-after-free in sk_filter_trim_cap+0x9bd/0xac0
[  227.020849][ T8595] Read of size 8 at addr ffff888057c0d178 by task syz.2.1022/8595
[  227.028700][ T8595] 
[  227.031045][ T8595] CPU: 1 UID: 0 PID: 8595 Comm: syz.2.1022 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  227.043343][ T8595] Tainted: [B]=BAD_PAGE
[  227.047549][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  227.057670][ T8595] Call Trace:
[  227.060971][ T8595]  <TASK>
[  227.063919][ T8595]  dump_stack_lvl+0x116/0x1f0
[  227.068674][ T8595]  print_report+0xc3/0x620
[  227.073160][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.078837][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.084523][ T8595]  ? __phys_addr+0xc6/0x150
[  227.089082][ T8595]  kasan_report+0xd9/0x110
[  227.093673][ T8595]  ? sk_filter_trim_cap+0x9bd/0xac0
[  227.098963][ T8595]  ? sk_filter_trim_cap+0x9bd/0xac0
[  227.104209][ T8595]  sk_filter_trim_cap+0x9bd/0xac0
[  227.109274][ T8595]  ? create_monitor_ctrl_event+0x1ab/0x450
[  227.115143][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.120822][ T8595]  ? rcu_is_watching+0x12/0xc0
[  227.125645][ T8595]  ? __pfx_sk_filter_trim_cap+0x10/0x10
[  227.131236][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.136906][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.142576][ T8595]  ? ktime_get_with_offset+0x20f/0x3a0
[  227.148172][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.154213][ T8595]  sock_queue_rcv_skb_reason+0x30/0xe0
[  227.159748][ T8595]  mgmt_cmd_status+0x304/0x520
[  227.164576][ T8595]  cmd_complete_rsp+0x165/0x1e0
[  227.169500][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  227.174678][ T8595]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  227.180112][ T8595]  __mgmt_power_off+0x12a/0x2c0
[  227.185014][ T8595]  ? __pfx___mgmt_power_off+0x10/0x10
[  227.190433][ T8595]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  227.196477][ T8595]  ? lockdep_hardirqs_on+0x7c/0x110
[  227.201735][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.207416][ T8595]  ? 0xffffffff81000000
[  227.211599][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.217289][ T8595]  hci_dev_close_sync+0xcbb/0x11a0
[  227.222547][ T8595]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  227.228149][ T8595]  hci_dev_do_close+0x2e/0x90
[  227.232900][ T8595]  hci_dev_close+0x183/0x1e0
[  227.237538][ T8595]  hci_sock_ioctl+0x2b5/0x7d0
[  227.242292][ T8595]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  227.247566][ T8595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  227.253604][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.259337][ T8595]  sock_do_ioctl+0x119/0x280
[  227.263990][ T8595]  ? __pfx_sock_do_ioctl+0x10/0x10
[  227.269175][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.274859][ T8595]  sock_ioctl+0x228/0x6c0
[  227.279245][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  227.284370][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.290308][ T8595]  ? __fget_files+0x206/0x3a0
[  227.295049][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  227.299958][ T8595]  __x64_sys_ioctl+0x193/0x200
[  227.305037][ T8595]  do_syscall_64+0xcd/0x250
[  227.309603][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.315558][ T8595] RIP: 0033:0x7f034dd85d29
[  227.320001][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  227.339665][ T8595] RSP: 002b:00007f034ebe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  227.348132][ T8595] RAX: ffffffffffffffda RBX: 00007f034df75fa0 RCX: 00007f034dd85d29
[  227.356147][ T8595] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  227.364166][ T8595] RBP: 00007f034de01b08 R08: 0000000000000000 R09: 0000000000000000
[  227.372192][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  227.380211][ T8595] R13: 0000000000000000 R14: 00007f034df75fa0 R15: 00007ffc75ec7218
[  227.388231][ T8595]  </TASK>
[  227.391265][ T8595] 
[  227.393602][ T8595] Allocated by task 6867:
[  227.397949][ T8595]  kasan_save_stack+0x33/0x60
[  227.402660][ T8595]  kasan_save_track+0x14/0x30
[  227.407371][ T8595]  __kasan_kmalloc+0xaa/0xb0
[  227.411993][ T8595]  __kmalloc_noprof+0x21c/0x510
[  227.416888][ T8595]  sk_prot_alloc+0x1a8/0x2a0
[  227.421534][ T8595]  sk_alloc+0x36/0xb90
[  227.425636][ T8595]  bt_sock_alloc+0x3b/0x3a0
[  227.430185][ T8595]  hci_sock_create+0xbc/0x1a0
[  227.434911][ T8595]  bt_sock_create+0x185/0x350
[  227.439643][ T8595]  __sock_create+0x338/0x8d0
[  227.444370][ T8595]  __sys_socket+0x14f/0x260
[  227.448931][ T8595]  __x64_sys_socket+0x72/0xb0
[  227.453667][ T8595]  do_syscall_64+0xcd/0x250
[  227.458231][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.464200][ T8595] 
[  227.466545][ T8595] Freed by task 8604:
[  227.470543][ T8595]  kasan_save_stack+0x33/0x60
[  227.475258][ T8595]  kasan_save_track+0x14/0x30
[  227.479969][ T8595]  kasan_save_free_info+0x3b/0x60
[  227.485046][ T8595]  __kasan_slab_free+0x51/0x70
[  227.489854][ T8595]  kfree+0x14f/0x4b0
[  227.493895][ T8595]  __sk_destruct+0x5eb/0x720
[  227.498593][ T8595]  sk_destruct+0xc2/0xf0
[  227.502963][ T8595]  __sk_free+0xf4/0x3e0
[  227.507152][ T8595]  sk_free+0x6a/0x90
[  227.511074][ T8595]  mgmt_pending_free+0xc0/0xf0
[  227.515891][ T8595]  cmd_complete_rsp+0x16d/0x1e0
[  227.520797][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  227.525967][ T8595]  mgmt_index_removed+0x145/0x300
[  227.531035][ T8595]  hci_sock_bind+0xb57/0x14d0
[  227.535765][ T8595]  __sys_bind+0x216/0x260
[  227.540232][ T8595]  __x64_sys_bind+0x72/0xb0
[  227.544795][ T8595]  do_syscall_64+0xcd/0x250
[  227.549362][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.555322][ T8595] 
[  227.557706][ T8595] The buggy address belongs to the object at ffff888057c0d000
[  227.557706][ T8595]  which belongs to the cache kmalloc-2k of size 2048
[  227.571817][ T8595] The buggy address is located 376 bytes inside of
[  227.571817][ T8595]  freed 2048-byte region [ffff888057c0d000, ffff888057c0d800)
[  227.585756][ T8595] 
[  227.588106][ T8595] The buggy address belongs to the physical page:
[  227.594545][ T8595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888057c0f000 pfn:0x57c08
[  227.604655][ T8595] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  227.613192][ T8595] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  227.621743][ T8595] page_type: f5(slab)
[  227.625763][ T8595] raw: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  227.634484][ T8595] raw: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  227.643117][ T8595] head: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  227.651847][ T8595] head: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  227.660754][ T8595] head: 00fff00000000003 ffffea00015f0201 ffffffffffffffff 0000000000000000
[  227.669575][ T8595] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  227.678276][ T8595] page dumped because: kasan: bad access detected
[  227.684699][ T8595] page_owner tracks the page as allocated
[  227.690419][ T8595] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 99188561302, free_ts 32585661858
[  227.711255][ T8595]  post_alloc_hook+0x2d1/0x350
[  227.716053][ T8595]  get_page_from_freelist+0xfce/0x2f80
[  227.721897][ T8595]  __alloc_pages_noprof+0x223/0x25b0
[  227.727216][ T8595]  alloc_pages_mpol_noprof+0x2c8/0x620
[  227.732714][ T8595]  new_slab+0x2c9/0x410
[  227.736915][ T8595]  ___slab_alloc+0xd7d/0x17a0
[  227.741637][ T8595]  __slab_alloc.constprop.0+0x56/0xb0
[  227.747059][ T8595]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  227.753505][ T8595]  kmalloc_reserve+0xef/0x2c0
[  227.758224][ T8595]  pskb_expand_head+0x243/0x1240
[  227.763474][ T8595]  netlink_trim+0x1ef/0x250
[  227.768034][ T8595]  netlink_broadcast_filtered+0xc7/0xef0
[  227.773714][ T8595]  nlmsg_notify+0x9e/0x220
[  227.778176][ T8595]  rtmsg_ifinfo+0x174/0x1a0
[  227.782708][ T8595]  __dev_notify_flags+0x24e/0x2e0
[  227.787870][ T8595]  dev_change_flags+0x10c/0x160
[  227.792750][ T8595] page last free pid 1 tgid 1 stack trace:
[  227.798596][ T8595]  free_unref_page+0x661/0x1080
[  227.803538][ T8595]  free_contig_range+0x133/0x3f0
[  227.808521][ T8595]  destroy_args+0x802/0xa50
[  227.813083][ T8595]  debug_vm_pgtable+0x168e/0x31a0
[  227.818147][ T8595]  do_one_initcall+0x12b/0x700
[  227.822971][ T8595]  kernel_init_freeable+0x5c7/0x900
[  227.828245][ T8595]  kernel_init+0x1c/0x2b0
[  227.832663][ T8595]  ret_from_fork+0x48/0x80
[  227.837121][ T8595]  ret_from_fork_asm+0x1a/0x30
[  227.841944][ T8595] 
[  227.844278][ T8595] Memory state around the buggy address:
[  227.850101][ T8595]  ffff888057c0d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  227.858184][ T8595]  ffff888057c0d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  227.866452][ T8595] >ffff888057c0d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  227.874578][ T8595]                                                                 ^
[  227.882577][ T8595]  ffff888057c0d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  227.890669][ T8595]  ffff888057c0d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  227.898757][ T8595] ==================================================================
[  227.963156][ T8595] ==================================================================
[  227.971481][ T8595] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x3c/0xa80
[  227.979615][ T8595] Read of size 4 at addr ffff888057c0d140 by task syz.2.1022/8595
[  227.987467][ T8595] 
[  227.989825][ T8595] CPU: 0 UID: 0 PID: 8595 Comm: syz.2.1022 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  228.002309][ T8595] Tainted: [B]=BAD_PAGE
[  228.006670][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  228.016787][ T8595] Call Trace:
[  228.020099][ T8595]  <TASK>
[  228.023071][ T8595]  dump_stack_lvl+0x116/0x1f0
[  228.027831][ T8595]  print_report+0xc3/0x620
[  228.032305][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.037995][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.043705][ T8595]  ? __phys_addr+0xc6/0x150
[  228.048293][ T8595]  kasan_report+0xd9/0x110
[  228.052964][ T8595]  ? __sock_queue_rcv_skb+0x3c/0xa80
[  228.058587][ T8595]  ? __sock_queue_rcv_skb+0x3c/0xa80
[  228.059611][ T8578] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR
[  228.063931][ T8595]  kasan_check_range+0xef/0x1a0
[  228.064005][ T8595]  __sock_queue_rcv_skb+0x3c/0xa80
[  228.080043][ T8578] (syz.1.1011,8578,1):ocfs2_initialize_super:2281 ERROR: status = -12
[  228.082457][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.082517][ T8595]  sock_queue_rcv_skb_reason+0xa2/0xe0
[  228.092767][ T8578] (syz.1.1011,8578,1):ocfs2_fill_super:1178 ERROR: status = -12
[  228.096345][ T8595]  mgmt_cmd_status+0x304/0x520
[  228.096418][ T8595]  cmd_complete_rsp+0x165/0x1e0
[  228.119266][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  228.124445][ T8595]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  228.129986][ T8595]  __mgmt_power_off+0x12a/0x2c0
[  228.134887][ T8595]  ? __pfx___mgmt_power_off+0x10/0x10
[  228.140317][ T8595]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  228.146361][ T8595]  ? lockdep_hardirqs_on+0x7c/0x110
[  228.151719][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.157519][ T8595]  ? 0xffffffff81000000
[  228.161700][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.167384][ T8595]  hci_dev_close_sync+0xcbb/0x11a0
[  228.172563][ T8595]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  228.178165][ T8595]  hci_dev_do_close+0x2e/0x90
[  228.182921][ T8595]  hci_dev_close+0x183/0x1e0
[  228.187579][ T8595]  hci_sock_ioctl+0x2b5/0x7d0
[  228.192329][ T8595]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  228.197591][ T8595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  228.203614][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.209300][ T8595]  sock_do_ioctl+0x119/0x280
[  228.213959][ T8595]  ? __pfx_sock_do_ioctl+0x10/0x10
[  228.219154][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.224870][ T8595]  sock_ioctl+0x228/0x6c0
[  228.229277][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  228.234229][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.239903][ T8595]  ? __fget_files+0x206/0x3a0
[  228.244659][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  228.249566][ T8595]  __x64_sys_ioctl+0x193/0x200
[  228.254388][ T8595]  do_syscall_64+0xcd/0x250
[  228.259043][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.264999][ T8595] RIP: 0033:0x7f034dd85d29
[  228.269447][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  228.289113][ T8595] RSP: 002b:00007f034ebe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  228.297576][ T8595] RAX: ffffffffffffffda RBX: 00007f034df75fa0 RCX: 00007f034dd85d29
[  228.305585][ T8595] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  228.313587][ T8595] RBP: 00007f034de01b08 R08: 0000000000000000 R09: 0000000000000000
[  228.321593][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  228.329609][ T8595] R13: 0000000000000000 R14: 00007f034df75fa0 R15: 00007ffc75ec7218
[  228.337635][ T8595]  </TASK>
[  228.340676][ T8595] 
[  228.343008][ T8595] Allocated by task 6867:
[  228.347357][ T8595]  kasan_save_stack+0x33/0x60
[  228.352069][ T8595]  kasan_save_track+0x14/0x30
[  228.356794][ T8595]  __kasan_kmalloc+0xaa/0xb0
[  228.361438][ T8595]  __kmalloc_noprof+0x21c/0x510
[  228.366333][ T8595]  sk_prot_alloc+0x1a8/0x2a0
[  228.370988][ T8595]  sk_alloc+0x36/0xb90
[  228.375088][ T8595]  bt_sock_alloc+0x3b/0x3a0
[  228.379647][ T8595]  hci_sock_create+0xbc/0x1a0
[  228.384469][ T8595]  bt_sock_create+0x185/0x350
[  228.389212][ T8595]  __sock_create+0x338/0x8d0
[  228.393851][ T8595]  __sys_socket+0x14f/0x260
[  228.398408][ T8595]  __x64_sys_socket+0x72/0xb0
[  228.403145][ T8595]  do_syscall_64+0xcd/0x250
[  228.407709][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.413666][ T8595] 
[  228.416005][ T8595] Freed by task 8604:
[  228.420001][ T8595]  kasan_save_stack+0x33/0x60
[  228.424720][ T8595]  kasan_save_track+0x14/0x30
[  228.429432][ T8595]  kasan_save_free_info+0x3b/0x60
[  228.434513][ T8595]  __kasan_slab_free+0x51/0x70
[  228.439320][ T8595]  kfree+0x14f/0x4b0
[  228.443273][ T8595]  __sk_destruct+0x5eb/0x720
[  228.447937][ T8595]  sk_destruct+0xc2/0xf0
[  228.452224][ T8595]  __sk_free+0xf4/0x3e0
[  228.456413][ T8595]  sk_free+0x6a/0x90
[  228.460383][ T8595]  mgmt_pending_free+0xc0/0xf0
[  228.465204][ T8595]  cmd_complete_rsp+0x16d/0x1e0
[  228.470103][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  228.475270][ T8595]  mgmt_index_removed+0x145/0x300
[  228.480605][ T8595]  hci_sock_bind+0xb57/0x14d0
[  228.485385][ T8595]  __sys_bind+0x216/0x260
[  228.489786][ T8595]  __x64_sys_bind+0x72/0xb0
[  228.494360][ T8595]  do_syscall_64+0xcd/0x250
[  228.498923][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.504988][ T8595] 
[  228.507423][ T8595] The buggy address belongs to the object at ffff888057c0d000
[  228.507423][ T8595]  which belongs to the cache kmalloc-2k of size 2048
[  228.521700][ T8595] The buggy address is located 320 bytes inside of
[  228.521700][ T8595]  freed 2048-byte region [ffff888057c0d000, ffff888057c0d800)
[  228.535644][ T8595] 
[  228.537996][ T8595] The buggy address belongs to the physical page:
[  228.544428][ T8595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888057c0f000 pfn:0x57c08
[  228.554641][ T8595] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  228.563172][ T8595] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  228.571761][ T8595] page_type: f5(slab)
[  228.575784][ T8595] raw: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  228.584406][ T8595] raw: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  228.593212][ T8595] head: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  228.601926][ T8595] head: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  228.610866][ T8595] head: 00fff00000000003 ffffea00015f0201 ffffffffffffffff 0000000000000000
[  228.619583][ T8595] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  228.628280][ T8595] page dumped because: kasan: bad access detected
[  228.634802][ T8595] page_owner tracks the page as allocated
[  228.640532][ T8595] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 99188561302, free_ts 32585661858
[  228.661562][ T8595]  post_alloc_hook+0x2d1/0x350
[  228.666368][ T8595]  get_page_from_freelist+0xfce/0x2f80
[  228.671871][ T8595]  __alloc_pages_noprof+0x223/0x25b0
[  228.677369][ T8595]  alloc_pages_mpol_noprof+0x2c8/0x620
[  228.682880][ T8595]  new_slab+0x2c9/0x410
[  228.687102][ T8595]  ___slab_alloc+0xd7d/0x17a0
[  228.691837][ T8595]  __slab_alloc.constprop.0+0x56/0xb0
[  228.697275][ T8595]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  228.703734][ T8595]  kmalloc_reserve+0xef/0x2c0
[  228.708468][ T8595]  pskb_expand_head+0x243/0x1240
[  228.713446][ T8595]  netlink_trim+0x1ef/0x250
[  228.717994][ T8595]  netlink_broadcast_filtered+0xc7/0xef0
[  228.723681][ T8595]  nlmsg_notify+0x9e/0x220
[  228.728155][ T8595]  rtmsg_ifinfo+0x174/0x1a0
[  228.732695][ T8595]  __dev_notify_flags+0x24e/0x2e0
[  228.737773][ T8595]  dev_change_flags+0x10c/0x160
[  228.742654][ T8595] page last free pid 1 tgid 1 stack trace:
[  228.748474][ T8595]  free_unref_page+0x661/0x1080
[  228.753355][ T8595]  free_contig_range+0x133/0x3f0
[  228.758326][ T8595]  destroy_args+0x802/0xa50
[  228.762889][ T8595]  debug_vm_pgtable+0x168e/0x31a0
[  228.767943][ T8595]  do_one_initcall+0x12b/0x700
[  228.772766][ T8595]  kernel_init_freeable+0x5c7/0x900
[  228.778023][ T8595]  kernel_init+0x1c/0x2b0
[  228.782386][ T8595]  ret_from_fork+0x48/0x80
[  228.786871][ T8595]  ret_from_fork_asm+0x1a/0x30
[  228.792176][ T8595] 
[  228.794514][ T8595] Memory state around the buggy address:
[  228.800213][ T8595]  ffff888057c0d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.808306][ T8595]  ffff888057c0d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.816399][ T8595] >ffff888057c0d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.824501][ T8595]                                            ^
[  228.830683][ T8595]  ffff888057c0d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.838774][ T8595]  ffff888057c0d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.846859][ T8595] ==================================================================
[  228.868512][ T8595] ==================================================================
[  228.876660][ T8595] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x6fe/0xa80
[  228.884975][ T8595] Read of size 4 at addr ffff888057c0d140 by task syz.2.1022/8595
[  228.892919][ T8595] 
[  228.895270][ T8595] CPU: 1 UID: 0 PID: 8595 Comm: syz.2.1022 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  228.907473][ T8595] Tainted: [B]=BAD_PAGE
[  228.911646][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  228.921734][ T8595] Call Trace:
[  228.925039][ T8595]  <TASK>
[  228.927990][ T8595]  dump_stack_lvl+0x116/0x1f0
[  228.932730][ T8595]  print_report+0xc3/0x620
[  228.937188][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.942950][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.948625][ T8595]  ? __phys_addr+0xc6/0x150
[  228.953196][ T8595]  kasan_report+0xd9/0x110
[  228.957657][ T8595]  ? __sock_queue_rcv_skb+0x6fe/0xa80
[  228.963079][ T8595]  ? __sock_queue_rcv_skb+0x6fe/0xa80
[  228.968508][ T8595]  __sock_queue_rcv_skb+0x6fe/0xa80
[  228.973843][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.979529][ T8595]  sock_queue_rcv_skb_reason+0xa2/0xe0
[  228.985056][ T8595]  mgmt_cmd_status+0x304/0x520
[  228.989886][ T8595]  cmd_complete_rsp+0x165/0x1e0
[  228.994794][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  228.999964][ T8595]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  229.005391][ T8595]  __mgmt_power_off+0x12a/0x2c0
[  229.010285][ T8595]  ? __pfx___mgmt_power_off+0x10/0x10
[  229.015734][ T8595]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  229.021779][ T8595]  ? lockdep_hardirqs_on+0x7c/0x110
[  229.027033][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.032705][ T8595]  ? 0xffffffff81000000
[  229.036889][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.042560][ T8595]  hci_dev_close_sync+0xcbb/0x11a0
[  229.048060][ T8595]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  229.053651][ T8595]  hci_dev_do_close+0x2e/0x90
[  229.058400][ T8595]  hci_dev_close+0x183/0x1e0
[  229.063029][ T8595]  hci_sock_ioctl+0x2b5/0x7d0
[  229.067773][ T8595]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  229.073025][ T8595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  229.079056][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.084740][ T8595]  sock_do_ioctl+0x119/0x280
[  229.089379][ T8595]  ? __pfx_sock_do_ioctl+0x10/0x10
[  229.094549][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.100246][ T8595]  sock_ioctl+0x228/0x6c0
[  229.104643][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  229.109564][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.115239][ T8595]  ? __fget_files+0x206/0x3a0
[  229.119982][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  229.124894][ T8595]  __x64_sys_ioctl+0x193/0x200
[  229.129720][ T8595]  do_syscall_64+0xcd/0x250
[  229.134286][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.140245][ T8595] RIP: 0033:0x7f034dd85d29
[  229.144686][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.164437][ T8595] RSP: 002b:00007f034ebe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  229.172910][ T8595] RAX: ffffffffffffffda RBX: 00007f034df75fa0 RCX: 00007f034dd85d29
[  229.180914][ T8595] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  229.189007][ T8595] RBP: 00007f034de01b08 R08: 0000000000000000 R09: 0000000000000000
[  229.197011][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  229.205019][ T8595] R13: 0000000000000000 R14: 00007f034df75fa0 R15: 00007ffc75ec7218
[  229.213036][ T8595]  </TASK>
[  229.216076][ T8595] 
[  229.218407][ T8595] Allocated by task 6867:
[  229.222746][ T8595]  kasan_save_stack+0x33/0x60
[  229.227459][ T8595]  kasan_save_track+0x14/0x30
[  229.232252][ T8595]  __kasan_kmalloc+0xaa/0xb0
[  229.236880][ T8595]  __kmalloc_noprof+0x21c/0x510
[  229.241766][ T8595]  sk_prot_alloc+0x1a8/0x2a0
[  229.246400][ T8595]  sk_alloc+0x36/0xb90
[  229.250491][ T8595]  bt_sock_alloc+0x3b/0x3a0
[  229.255037][ T8595]  hci_sock_create+0xbc/0x1a0
[  229.259850][ T8595]  bt_sock_create+0x185/0x350
[  229.264573][ T8595]  __sock_create+0x338/0x8d0
[  229.269210][ T8595]  __sys_socket+0x14f/0x260
[  229.273759][ T8595]  __x64_sys_socket+0x72/0xb0
[  229.278572][ T8595]  do_syscall_64+0xcd/0x250
[  229.283125][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.289080][ T8595] 
[  229.291416][ T8595] Freed by task 8604:
[  229.295499][ T8595]  kasan_save_stack+0x33/0x60
[  229.300211][ T8595]  kasan_save_track+0x14/0x30
[  229.304966][ T8595]  kasan_save_free_info+0x3b/0x60
[  229.310040][ T8595]  __kasan_slab_free+0x51/0x70
[  229.314849][ T8595]  kfree+0x14f/0x4b0
[  229.318793][ T8595]  __sk_destruct+0x5eb/0x720
[  229.323442][ T8595]  sk_destruct+0xc2/0xf0
[  229.327720][ T8595]  __sk_free+0xf4/0x3e0
[  229.331911][ T8595]  sk_free+0x6a/0x90
[  229.335836][ T8595]  mgmt_pending_free+0xc0/0xf0
[  229.340648][ T8595]  cmd_complete_rsp+0x16d/0x1e0
[  229.345550][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  229.350715][ T8595]  mgmt_index_removed+0x145/0x300
[  229.355776][ T8595]  hci_sock_bind+0xb57/0x14d0
[  229.360500][ T8595]  __sys_bind+0x216/0x260
[  229.364878][ T8595]  __x64_sys_bind+0x72/0xb0
[  229.369429][ T8595]  do_syscall_64+0xcd/0x250
[  229.373985][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.379933][ T8595] 
[  229.382273][ T8595] The buggy address belongs to the object at ffff888057c0d000
[  229.382273][ T8595]  which belongs to the cache kmalloc-2k of size 2048
[  229.396363][ T8595] The buggy address is located 320 bytes inside of
[  229.396363][ T8595]  freed 2048-byte region [ffff888057c0d000, ffff888057c0d800)
[  229.410340][ T8595] 
[  229.412677][ T8595] The buggy address belongs to the physical page:
[  229.419103][ T8595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888057c0f000 pfn:0x57c08
[  229.429202][ T8595] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  229.437813][ T8595] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  229.446339][ T8595] page_type: f5(slab)
[  229.450347][ T8595] raw: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  229.458965][ T8595] raw: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  229.467842][ T8595] head: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  229.476544][ T8595] head: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  229.485247][ T8595] head: 00fff00000000003 ffffea00015f0201 ffffffffffffffff 0000000000000000
[  229.493954][ T8595] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  229.502644][ T8595] page dumped because: kasan: bad access detected
[  229.509071][ T8595] page_owner tracks the page as allocated
[  229.514804][ T8595] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 99188561302, free_ts 32585661858
[  229.535628][ T8595]  post_alloc_hook+0x2d1/0x350
[  229.540434][ T8595]  get_page_from_freelist+0xfce/0x2f80
[  229.545939][ T8595]  __alloc_pages_noprof+0x223/0x25b0
[  229.551268][ T8595]  alloc_pages_mpol_noprof+0x2c8/0x620
[  229.556776][ T8595]  new_slab+0x2c9/0x410
[  229.560982][ T8595]  ___slab_alloc+0xd7d/0x17a0
[  229.565714][ T8595]  __slab_alloc.constprop.0+0x56/0xb0
[  229.571139][ T8595]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  229.577593][ T8595]  kmalloc_reserve+0xef/0x2c0
[  229.582319][ T8595]  pskb_expand_head+0x243/0x1240
[  229.587298][ T8595]  netlink_trim+0x1ef/0x250
[  229.591930][ T8595]  netlink_broadcast_filtered+0xc7/0xef0
[  229.597617][ T8595]  nlmsg_notify+0x9e/0x220
[  229.602086][ T8595]  rtmsg_ifinfo+0x174/0x1a0
[  229.606631][ T8595]  __dev_notify_flags+0x24e/0x2e0
[  229.611736][ T8595]  dev_change_flags+0x10c/0x160
[  229.616629][ T8595] page last free pid 1 tgid 1 stack trace:
[  229.622451][ T8595]  free_unref_page+0x661/0x1080
[  229.627427][ T8595]  free_contig_range+0x133/0x3f0
[  229.632398][ T8595]  destroy_args+0x802/0xa50
[  229.636960][ T8595]  debug_vm_pgtable+0x168e/0x31a0
[  229.642018][ T8595]  do_one_initcall+0x12b/0x700
[  229.646839][ T8595]  kernel_init_freeable+0x5c7/0x900
[  229.652098][ T8595]  kernel_init+0x1c/0x2b0
[  229.656520][ T8595]  ret_from_fork+0x48/0x80
[  229.660969][ T8595]  ret_from_fork_asm+0x1a/0x30
[  229.665882][ T8595] 
[  229.668215][ T8595] Memory state around the buggy address:
[  229.673856][ T8595]  ffff888057c0d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  229.681956][ T8595]  ffff888057c0d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  229.690138][ T8595] >ffff888057c0d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  229.698223][ T8595]                                            ^
[  229.704396][ T8595]  ffff888057c0d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  229.712493][ T8595]  ffff888057c0d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  229.720591][ T8595] ==================================================================
[  229.786678][ T8595] ==================================================================
[  229.794820][ T8595] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x708/0xa80
[  229.803038][ T8595] Read of size 4 at addr ffff888057c0d174 by task syz.2.1022/8595
[  229.810892][ T8595] 
[  229.813249][ T8595] CPU: 0 UID: 0 PID: 8595 Comm: syz.2.1022 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  229.825499][ T8595] Tainted: [B]=BAD_PAGE
[  229.829682][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  229.839773][ T8595] Call Trace:
[  229.843079][ T8595]  <TASK>
[  229.846042][ T8595]  dump_stack_lvl+0x116/0x1f0
[  229.850858][ T8595]  print_report+0xc3/0x620
[  229.855327][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.861019][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.866716][ T8595]  ? __phys_addr+0xc6/0x150
[  229.871299][ T8595]  kasan_report+0xd9/0x110
[  229.875777][ T8595]  ? __sock_queue_rcv_skb+0x708/0xa80
[  229.881395][ T8595]  ? __sock_queue_rcv_skb+0x708/0xa80
[  229.886843][ T8595]  __sock_queue_rcv_skb+0x708/0xa80
[  229.892111][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.897811][ T8595]  sock_queue_rcv_skb_reason+0xa2/0xe0
[  229.903341][ T8595]  mgmt_cmd_status+0x304/0x520
[  229.908184][ T8595]  cmd_complete_rsp+0x165/0x1e0
[  229.913109][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  229.918321][ T8595]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  229.923866][ T8595]  __mgmt_power_off+0x12a/0x2c0
[  229.928788][ T8595]  ? __pfx___mgmt_power_off+0x10/0x10
[  229.934221][ T8595]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  229.940293][ T8595]  ? lockdep_hardirqs_on+0x7c/0x110
[  229.945567][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.951253][ T8595]  ? 0xffffffff81000000
[  229.955441][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  229.961101][ T8595]  hci_dev_close_sync+0xcbb/0x11a0
[  229.966291][ T8595]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  229.971875][ T8595]  hci_dev_do_close+0x2e/0x90
[  229.976633][ T8595]  hci_dev_close+0x183/0x1e0
[  229.981287][ T8595]  hci_sock_ioctl+0x2b5/0x7d0
[  229.986010][ T8595]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  229.991254][ T8595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  229.997280][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.002948][ T8595]  sock_do_ioctl+0x119/0x280
[  230.007591][ T8595]  ? __pfx_sock_do_ioctl+0x10/0x10
[  230.012749][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.018412][ T8595]  sock_ioctl+0x228/0x6c0
[  230.022787][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  230.027722][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.033382][ T8595]  ? __fget_files+0x206/0x3a0
[  230.038109][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  230.043006][ T8595]  __x64_sys_ioctl+0x193/0x200
[  230.047812][ T8595]  do_syscall_64+0xcd/0x250
[  230.052362][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.058299][ T8595] RIP: 0033:0x7f034dd85d29
[  230.062735][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.082392][ T8595] RSP: 002b:00007f034ebe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  230.090935][ T8595] RAX: ffffffffffffffda RBX: 00007f034df75fa0 RCX: 00007f034dd85d29
[  230.098942][ T8595] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  230.106945][ T8595] RBP: 00007f034de01b08 R08: 0000000000000000 R09: 0000000000000000
[  230.114991][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  230.123028][ T8595] R13: 0000000000000000 R14: 00007f034df75fa0 R15: 00007ffc75ec7218
[  230.131046][ T8595]  </TASK>
[  230.134083][ T8595] 
[  230.136442][ T8595] Allocated by task 6867:
[  230.140777][ T8595]  kasan_save_stack+0x33/0x60
[  230.145475][ T8595]  kasan_save_track+0x14/0x30
[  230.150190][ T8595]  __kasan_kmalloc+0xaa/0xb0
[  230.154829][ T8595]  __kmalloc_noprof+0x21c/0x510
[  230.159724][ T8595]  sk_prot_alloc+0x1a8/0x2a0
[  230.164460][ T8595]  sk_alloc+0x36/0xb90
[  230.168598][ T8595]  bt_sock_alloc+0x3b/0x3a0
[  230.173132][ T8595]  hci_sock_create+0xbc/0x1a0
[  230.177849][ T8595]  bt_sock_create+0x185/0x350
[  230.182553][ T8595]  __sock_create+0x338/0x8d0
[  230.187438][ T8595]  __sys_socket+0x14f/0x260
[  230.191984][ T8595]  __x64_sys_socket+0x72/0xb0
[  230.196786][ T8595]  do_syscall_64+0xcd/0x250
[  230.201322][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.207256][ T8595] 
[  230.209584][ T8595] Freed by task 8604:
[  230.213565][ T8595]  kasan_save_stack+0x33/0x60
[  230.218260][ T8595]  kasan_save_track+0x14/0x30
[  230.222955][ T8595]  kasan_save_free_info+0x3b/0x60
[  230.228020][ T8595]  __kasan_slab_free+0x51/0x70
[  230.232803][ T8595]  kfree+0x14f/0x4b0
[  230.236727][ T8595]  __sk_destruct+0x5eb/0x720
[  230.241356][ T8595]  sk_destruct+0xc2/0xf0
[  230.245644][ T8595]  __sk_free+0xf4/0x3e0
[  230.249987][ T8595]  sk_free+0x6a/0x90
[  230.253893][ T8595]  mgmt_pending_free+0xc0/0xf0
[  230.258704][ T8595]  cmd_complete_rsp+0x16d/0x1e0
[  230.263582][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  230.268721][ T8595]  mgmt_index_removed+0x145/0x300
[  230.273763][ T8595]  hci_sock_bind+0xb57/0x14d0
[  230.278477][ T8595]  __sys_bind+0x216/0x260
[  230.282835][ T8595]  __x64_sys_bind+0x72/0xb0
[  230.287456][ T8595]  do_syscall_64+0xcd/0x250
[  230.292002][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.297938][ T8595] 
[  230.300267][ T8595] The buggy address belongs to the object at ffff888057c0d000
[  230.300267][ T8595]  which belongs to the cache kmalloc-2k of size 2048
[  230.314357][ T8595] The buggy address is located 372 bytes inside of
[  230.314357][ T8595]  freed 2048-byte region [ffff888057c0d000, ffff888057c0d800)
[  230.328419][ T8595] 
[  230.330747][ T8595] The buggy address belongs to the physical page:
[  230.337159][ T8595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888057c0f000 pfn:0x57c08
[  230.347245][ T8595] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  230.355971][ T8595] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  230.364524][ T8595] page_type: f5(slab)
[  230.368537][ T8595] raw: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  230.377136][ T8595] raw: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  230.385741][ T8595] head: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  230.394452][ T8595] head: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  230.403172][ T8595] head: 00fff00000000003 ffffea00015f0201 ffffffffffffffff 0000000000000000
[  230.411871][ T8595] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  230.420559][ T8595] page dumped because: kasan: bad access detected
[  230.427077][ T8595] page_owner tracks the page as allocated
[  230.432897][ T8595] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 99188561302, free_ts 32585661858
[  230.453798][ T8595]  post_alloc_hook+0x2d1/0x350
[  230.458592][ T8595]  get_page_from_freelist+0xfce/0x2f80
[  230.464087][ T8595]  __alloc_pages_noprof+0x223/0x25b0
[  230.469426][ T8595]  alloc_pages_mpol_noprof+0x2c8/0x620
[  230.474946][ T8595]  new_slab+0x2c9/0x410
[  230.479134][ T8595]  ___slab_alloc+0xd7d/0x17a0
[  230.483842][ T8595]  __slab_alloc.constprop.0+0x56/0xb0
[  230.489338][ T8595]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  230.495789][ T8595]  kmalloc_reserve+0xef/0x2c0
[  230.500498][ T8595]  pskb_expand_head+0x243/0x1240
[  230.505463][ T8595]  netlink_trim+0x1ef/0x250
[  230.509995][ T8595]  netlink_broadcast_filtered+0xc7/0xef0
[  230.515781][ T8595]  nlmsg_notify+0x9e/0x220
[  230.520227][ T8595]  rtmsg_ifinfo+0x174/0x1a0
[  230.524776][ T8595]  __dev_notify_flags+0x24e/0x2e0
[  230.529850][ T8595]  dev_change_flags+0x10c/0x160
[  230.534747][ T8595] page last free pid 1 tgid 1 stack trace:
[  230.540554][ T8595]  free_unref_page+0x661/0x1080
[  230.545432][ T8595]  free_contig_range+0x133/0x3f0
[  230.550558][ T8595]  destroy_args+0x802/0xa50
[  230.555104][ T8595]  debug_vm_pgtable+0x168e/0x31a0
[  230.560144][ T8595]  do_one_initcall+0x12b/0x700
[  230.564944][ T8595]  kernel_init_freeable+0x5c7/0x900
[  230.570180][ T8595]  kernel_init+0x1c/0x2b0
[  230.574540][ T8595]  ret_from_fork+0x48/0x80
[  230.578996][ T8595]  ret_from_fork_asm+0x1a/0x30
[  230.583887][ T8595] 
[  230.586304][ T8595] Memory state around the buggy address:
[  230.591937][ T8595]  ffff888057c0d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  230.600029][ T8595]  ffff888057c0d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  230.608142][ T8595] >ffff888057c0d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  230.616251][ T8595]                                                              ^
[  230.623996][ T8595]  ffff888057c0d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  230.632112][ T8595]  ffff888057c0d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  230.640214][ T8595] ==================================================================
[  230.653890][ T5826] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  230.655030][ T8595] ==================================================================
[  230.673361][ T8595] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x9dd/0xa80
[  230.681603][ T8595] Read of size 8 at addr ffff888057c0d028 by task syz.2.1022/8595
[  230.689445][ T8595] 
[  230.691790][ T8595] CPU: 1 UID: 0 PID: 8595 Comm: syz.2.1022 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  230.704078][ T8595] Tainted: [B]=BAD_PAGE
[  230.708241][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  230.718322][ T8595] Call Trace:
[  230.721616][ T8595]  <TASK>
[  230.724564][ T8595]  dump_stack_lvl+0x116/0x1f0
[  230.729300][ T8595]  print_report+0xc3/0x620
[  230.733758][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.739429][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.745096][ T8595]  ? __phys_addr+0xc6/0x150
[  230.749652][ T8595]  kasan_report+0xd9/0x110
[  230.754105][ T8595]  ? __sock_queue_rcv_skb+0x9dd/0xa80
[  230.759521][ T8595]  ? __sock_queue_rcv_skb+0x9dd/0xa80
[  230.764977][ T8595]  __sock_queue_rcv_skb+0x9dd/0xa80
[  230.770218][ T8595]  sock_queue_rcv_skb_reason+0xa2/0xe0
[  230.775982][ T8595]  mgmt_cmd_status+0x304/0x520
[  230.780888][ T8595]  cmd_complete_rsp+0x165/0x1e0
[  230.785797][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  230.790958][ T8595]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  230.796387][ T8595]  __mgmt_power_off+0x12a/0x2c0
[  230.801282][ T8595]  ? __pfx___mgmt_power_off+0x10/0x10
[  230.806779][ T8595]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  230.812819][ T8595]  ? lockdep_hardirqs_on+0x7c/0x110
[  230.818068][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.823739][ T8595]  ? 0xffffffff81000000
[  230.827922][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.833598][ T8595]  hci_dev_close_sync+0xcbb/0x11a0
[  230.838749][ T8595]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  230.844348][ T8595]  hci_dev_do_close+0x2e/0x90
[  230.849097][ T8595]  hci_dev_close+0x183/0x1e0
[  230.853719][ T8595]  hci_sock_ioctl+0x2b5/0x7d0
[  230.858456][ T8595]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  230.863712][ T8595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  230.869734][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.875498][ T8595]  sock_do_ioctl+0x119/0x280
[  230.880572][ T8595]  ? __pfx_sock_do_ioctl+0x10/0x10
[  230.885741][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.891457][ T8595]  sock_ioctl+0x228/0x6c0
[  230.895841][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  230.900745][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  230.906412][ T8595]  ? __fget_files+0x206/0x3a0
[  230.911146][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  230.916049][ T8595]  __x64_sys_ioctl+0x193/0x200
[  230.920862][ T8595]  do_syscall_64+0xcd/0x250
[  230.925419][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.931366][ T8595] RIP: 0033:0x7f034dd85d29
[  230.935804][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.955807][ T8595] RSP: 002b:00007f034ebe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  230.964261][ T8595] RAX: ffffffffffffffda RBX: 00007f034df75fa0 RCX: 00007f034dd85d29
[  230.972260][ T8595] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  230.980256][ T8595] RBP: 00007f034de01b08 R08: 0000000000000000 R09: 0000000000000000
[  230.988335][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  230.996335][ T8595] R13: 0000000000000000 R14: 00007f034df75fa0 R15: 00007ffc75ec7218
[  231.004360][ T8595]  </TASK>
[  231.007393][ T8595] 
[  231.009723][ T8595] Allocated by task 6867:
[  231.014064][ T8595]  kasan_save_stack+0x33/0x60
[  231.018776][ T8595]  kasan_save_track+0x14/0x30
[  231.023477][ T8595]  __kasan_kmalloc+0xaa/0xb0
[  231.028100][ T8595]  __kmalloc_noprof+0x21c/0x510
[  231.032985][ T8595]  sk_prot_alloc+0x1a8/0x2a0
[  231.037703][ T8595]  sk_alloc+0x36/0xb90
[  231.041883][ T8595]  bt_sock_alloc+0x3b/0x3a0
[  231.046430][ T8595]  hci_sock_create+0xbc/0x1a0
[  231.051160][ T8595]  bt_sock_create+0x185/0x350
[  231.056058][ T8595]  __sock_create+0x338/0x8d0
[  231.060701][ T8595]  __sys_socket+0x14f/0x260
[  231.065267][ T8595]  __x64_sys_socket+0x72/0xb0
[  231.069995][ T8595]  do_syscall_64+0xcd/0x250
[  231.074641][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.080586][ T8595] 
[  231.082918][ T8595] Freed by task 8604:
[  231.086912][ T8595]  kasan_save_stack+0x33/0x60
[  231.091625][ T8595]  kasan_save_track+0x14/0x30
[  231.096328][ T8595]  kasan_save_free_info+0x3b/0x60
[  231.101398][ T8595]  __kasan_slab_free+0x51/0x70
[  231.106191][ T8595]  kfree+0x14f/0x4b0
[  231.110138][ T8595]  __sk_destruct+0x5eb/0x720
[  231.114784][ T8595]  sk_destruct+0xc2/0xf0
[  231.119054][ T8595]  __sk_free+0xf4/0x3e0
[  231.123231][ T8595]  sk_free+0x6a/0x90
[  231.127150][ T8595]  mgmt_pending_free+0xc0/0xf0
[  231.132307][ T8595]  cmd_complete_rsp+0x16d/0x1e0
[  231.137199][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  231.142531][ T8595]  mgmt_index_removed+0x145/0x300
[  231.147771][ T8595]  hci_sock_bind+0xb57/0x14d0
[  231.152505][ T8595]  __sys_bind+0x216/0x260
[  231.156887][ T8595]  __x64_sys_bind+0x72/0xb0
[  231.161443][ T8595]  do_syscall_64+0xcd/0x250
[  231.166004][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.171970][ T8595] 
[  231.174305][ T8595] The buggy address belongs to the object at ffff888057c0d000
[  231.174305][ T8595]  which belongs to the cache kmalloc-2k of size 2048
[  231.188388][ T8595] The buggy address is located 40 bytes inside of
[  231.188388][ T8595]  freed 2048-byte region [ffff888057c0d000, ffff888057c0d800)
[  231.202220][ T8595] 
[  231.204561][ T8595] The buggy address belongs to the physical page:
[  231.211330][ T8595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888057c0f000 pfn:0x57c08
[  231.221514][ T8595] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  231.230051][ T8595] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  231.238931][ T8595] page_type: f5(slab)
[  231.242941][ T8595] raw: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  231.251576][ T8595] raw: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  231.260294][ T8595] head: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  231.269102][ T8595] head: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  231.277933][ T8595] head: 00fff00000000003 ffffea00015f0201 ffffffffffffffff 0000000000000000
[  231.286670][ T8595] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  231.295356][ T8595] page dumped because: kasan: bad access detected
[  231.301781][ T8595] page_owner tracks the page as allocated
[  231.307503][ T8595] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 99188561302, free_ts 32585661858
[  231.328353][ T8595]  post_alloc_hook+0x2d1/0x350
[  231.333239][ T8595]  get_page_from_freelist+0xfce/0x2f80
[  231.338736][ T8595]  __alloc_pages_noprof+0x223/0x25b0
[  231.344058][ T8595]  alloc_pages_mpol_noprof+0x2c8/0x620
[  231.349566][ T8595]  new_slab+0x2c9/0x410
[  231.353797][ T8595]  ___slab_alloc+0xd7d/0x17a0
[  231.358531][ T8595]  __slab_alloc.constprop.0+0x56/0xb0
[  231.363955][ T8595]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  231.370419][ T8595]  kmalloc_reserve+0xef/0x2c0
[  231.375139][ T8595]  pskb_expand_head+0x243/0x1240
[  231.380109][ T8595]  netlink_trim+0x1ef/0x250
[  231.384653][ T8595]  netlink_broadcast_filtered+0xc7/0xef0
[  231.390338][ T8595]  nlmsg_notify+0x9e/0x220
[  231.394802][ T8595]  rtmsg_ifinfo+0x174/0x1a0
[  231.399361][ T8595]  __dev_notify_flags+0x24e/0x2e0
[  231.404441][ T8595]  dev_change_flags+0x10c/0x160
[  231.409336][ T8595] page last free pid 1 tgid 1 stack trace:
[  231.415188][ T8595]  free_unref_page+0x661/0x1080
[  231.420068][ T8595]  free_contig_range+0x133/0x3f0
[  231.425031][ T8595]  destroy_args+0x802/0xa50
[  231.429583][ T8595]  debug_vm_pgtable+0x168e/0x31a0
[  231.434634][ T8595]  do_one_initcall+0x12b/0x700
[  231.439441][ T8595]  kernel_init_freeable+0x5c7/0x900
[  231.444780][ T8595]  kernel_init+0x1c/0x2b0
[  231.449137][ T8595]  ret_from_fork+0x48/0x80
[  231.453673][ T8595]  ret_from_fork_asm+0x1a/0x30
[  231.458494][ T8595] 
[  231.460826][ T8595] Memory state around the buggy address:
[  231.466469][ T8595]  ffff888057c0cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  231.474553][ T8595]  ffff888057c0cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  231.482634][ T8595] >ffff888057c0d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  231.490885][ T8595]                                   ^
[  231.496272][ T8595]  ffff888057c0d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  231.504401][ T8595]  ffff888057c0d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  231.512474][ T8595] ==================================================================
[  231.529067][ T8595] ==================================================================
[  231.537285][ T8595] BUG: KASAN: slab-use-after-free in __sock_queue_rcv_skb+0x2c8/0xa80
[  231.545505][ T8595] Write of size 4 at addr ffff888057c0d140 by task syz.2.1022/8595
[  231.553433][ T8595] 
[  231.555793][ T8595] CPU: 0 UID: 0 PID: 8595 Comm: syz.2.1022 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  231.568014][ T8595] Tainted: [B]=BAD_PAGE
[  231.572224][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  231.582297][ T8595] Call Trace:
[  231.585597][ T8595]  <TASK>
[  231.588554][ T8595]  dump_stack_lvl+0x116/0x1f0
[  231.593272][ T8595]  print_report+0xc3/0x620
[  231.597798][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.603451][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.609107][ T8595]  ? __phys_addr+0xc6/0x150
[  231.613651][ T8595]  kasan_report+0xd9/0x110
[  231.618090][ T8595]  ? __sock_queue_rcv_skb+0x2c8/0xa80
[  231.623489][ T8595]  ? __sock_queue_rcv_skb+0x2c8/0xa80
[  231.628922][ T8595]  kasan_check_range+0xef/0x1a0
[  231.633835][ T8595]  __sock_queue_rcv_skb+0x2c8/0xa80
[  231.639158][ T8595]  sock_queue_rcv_skb_reason+0xa2/0xe0
[  231.644660][ T8595]  mgmt_cmd_status+0x304/0x520
[  231.649480][ T8595]  cmd_complete_rsp+0x165/0x1e0
[  231.654379][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  231.659544][ T8595]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  231.664969][ T8595]  __mgmt_power_off+0x12a/0x2c0
[  231.669867][ T8595]  ? __pfx___mgmt_power_off+0x10/0x10
[  231.675282][ T8595]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  231.681319][ T8595]  ? lockdep_hardirqs_on+0x7c/0x110
[  231.686566][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.692320][ T8595]  ? 0xffffffff81000000
[  231.696543][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.702224][ T8595]  hci_dev_close_sync+0xcbb/0x11a0
[  231.707380][ T8595]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  231.713017][ T8595]  hci_dev_do_close+0x2e/0x90
[  231.717752][ T8595]  hci_dev_close+0x183/0x1e0
[  231.722374][ T8595]  hci_sock_ioctl+0x2b5/0x7d0
[  231.727110][ T8595]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  231.732362][ T8595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  231.738382][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.744057][ T8595]  sock_do_ioctl+0x119/0x280
[  231.748701][ T8595]  ? __pfx_sock_do_ioctl+0x10/0x10
[  231.753868][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.759545][ T8595]  sock_ioctl+0x228/0x6c0
[  231.763931][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  231.768869][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  231.774546][ T8595]  ? __fget_files+0x206/0x3a0
[  231.779288][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  231.784291][ T8595]  __x64_sys_ioctl+0x193/0x200
[  231.789107][ T8595]  do_syscall_64+0xcd/0x250
[  231.793668][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.799624][ T8595] RIP: 0033:0x7f034dd85d29
[  231.804066][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  231.823716][ T8595] RSP: 002b:00007f034ebe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  231.832169][ T8595] RAX: ffffffffffffffda RBX: 00007f034df75fa0 RCX: 00007f034dd85d29
[  231.840168][ T8595] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  231.848199][ T8595] RBP: 00007f034de01b08 R08: 0000000000000000 R09: 0000000000000000
[  231.856457][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  231.864456][ T8595] R13: 0000000000000000 R14: 00007f034df75fa0 R15: 00007ffc75ec7218
[  231.872497][ T8595]  </TASK>
[  231.875531][ T8595] 
[  231.877866][ T8595] Allocated by task 6867:
[  231.882205][ T8595]  kasan_save_stack+0x33/0x60
[  231.886916][ T8595]  kasan_save_track+0x14/0x30
[  231.892144][ T8595]  __kasan_kmalloc+0xaa/0xb0
[  231.896759][ T8595]  __kmalloc_noprof+0x21c/0x510
[  231.901638][ T8595]  sk_prot_alloc+0x1a8/0x2a0
[  231.906270][ T8595]  sk_alloc+0x36/0xb90
[  231.910360][ T8595]  bt_sock_alloc+0x3b/0x3a0
[  231.914907][ T8595]  hci_sock_create+0xbc/0x1a0
[  231.919632][ T8595]  bt_sock_create+0x185/0x350
[  231.924359][ T8595]  __sock_create+0x338/0x8d0
[  231.929341][ T8595]  __sys_socket+0x14f/0x260
[  231.933889][ T8595]  __x64_sys_socket+0x72/0xb0
[  231.938707][ T8595]  do_syscall_64+0xcd/0x250
[  231.943257][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.949291][ T8595] 
[  231.951627][ T8595] Freed by task 8604:
[  231.955753][ T8595]  kasan_save_stack+0x33/0x60
[  231.960457][ T8595]  kasan_save_track+0x14/0x30
[  231.965162][ T8595]  kasan_save_free_info+0x3b/0x60
[  231.970233][ T8595]  __kasan_slab_free+0x51/0x70
[  231.975026][ T8595]  kfree+0x14f/0x4b0
[  231.978988][ T8595]  __sk_destruct+0x5eb/0x720
[  231.983630][ T8595]  sk_destruct+0xc2/0xf0
[  231.987901][ T8595]  __sk_free+0xf4/0x3e0
[  231.992170][ T8595]  sk_free+0x6a/0x90
[  231.996091][ T8595]  mgmt_pending_free+0xc0/0xf0
[  232.000900][ T8595]  cmd_complete_rsp+0x16d/0x1e0
[  232.005809][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  232.010972][ T8595]  mgmt_index_removed+0x145/0x300
[  232.016030][ T8595]  hci_sock_bind+0xb57/0x14d0
[  232.020760][ T8595]  __sys_bind+0x216/0x260
[  232.025229][ T8595]  __x64_sys_bind+0x72/0xb0
[  232.029779][ T8595]  do_syscall_64+0xcd/0x250
[  232.034335][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.040280][ T8595] 
[  232.042613][ T8595] The buggy address belongs to the object at ffff888057c0d000
[  232.042613][ T8595]  which belongs to the cache kmalloc-2k of size 2048
[  232.056701][ T8595] The buggy address is located 320 bytes inside of
[  232.056701][ T8595]  freed 2048-byte region [ffff888057c0d000, ffff888057c0d800)
[  232.071145][ T8595] 
[  232.073482][ T8595] The buggy address belongs to the physical page:
[  232.079909][ T8595] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888057c0f000 pfn:0x57c08
[  232.090206][ T8595] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  232.098752][ T8595] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  232.107387][ T8595] page_type: f5(slab)
[  232.111400][ T8595] raw: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  232.120554][ T8595] raw: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  232.129183][ T8595] head: 00fff00000000240 ffff88801b042000 ffffea0001631210 ffffea000172c010
[  232.138245][ T8595] head: ffff888057c0f000 0000000000080003 00000001f5000000 0000000000000000
[  232.146966][ T8595] head: 00fff00000000003 ffffea00015f0201 ffffffffffffffff 0000000000000000
[  232.155686][ T8595] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  232.164389][ T8595] page dumped because: kasan: bad access detected
[  232.170920][ T8595] page_owner tracks the page as allocated
[  232.176657][ T8595] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5829, tgid 5829 (syz-executor), ts 99188561302, free_ts 32585661858
[  232.197601][ T8595]  post_alloc_hook+0x2d1/0x350
[  232.202524][ T8595]  get_page_from_freelist+0xfce/0x2f80
[  232.208029][ T8595]  __alloc_pages_noprof+0x223/0x25b0
[  232.213377][ T8595]  alloc_pages_mpol_noprof+0x2c8/0x620
[  232.219018][ T8595]  new_slab+0x2c9/0x410
[  232.223293][ T8595]  ___slab_alloc+0xd7d/0x17a0
[  232.228035][ T8595]  __slab_alloc.constprop.0+0x56/0xb0
[  232.233468][ T8595]  __kmalloc_node_track_caller_noprof+0x2f1/0x510
[  232.239940][ T8595]  kmalloc_reserve+0xef/0x2c0
[  232.244683][ T8595]  pskb_expand_head+0x243/0x1240
[  232.249661][ T8595]  netlink_trim+0x1ef/0x250
[  232.254209][ T8595]  netlink_broadcast_filtered+0xc7/0xef0
[  232.259903][ T8595]  nlmsg_notify+0x9e/0x220
[  232.264386][ T8595]  rtmsg_ifinfo+0x174/0x1a0
[  232.268942][ T8595]  __dev_notify_flags+0x24e/0x2e0
[  232.274058][ T8595]  dev_change_flags+0x10c/0x160
[  232.279038][ T8595] page last free pid 1 tgid 1 stack trace:
[  232.284868][ T8595]  free_unref_page+0x661/0x1080
[  232.289771][ T8595]  free_contig_range+0x133/0x3f0
[  232.294754][ T8595]  destroy_args+0x802/0xa50
[  232.299313][ T8595]  debug_vm_pgtable+0x168e/0x31a0
[  232.304368][ T8595]  do_one_initcall+0x12b/0x700
[  232.309189][ T8595]  kernel_init_freeable+0x5c7/0x900
[  232.314448][ T8595]  kernel_init+0x1c/0x2b0
[  232.318818][ T8595]  ret_from_fork+0x48/0x80
[  232.323287][ T8595]  ret_from_fork_asm+0x1a/0x30
[  232.328117][ T8595] 
[  232.330464][ T8595] Memory state around the buggy address:
[  232.336294][ T8595]  ffff888057c0d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  232.344400][ T8595]  ffff888057c0d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  232.352853][ T8595] >ffff888057c0d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  232.360969][ T8595]                                            ^
[  232.367163][ T8595]  ffff888057c0d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  232.375284][ T8595]  ffff888057c0d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  232.383374][ T8595] ==================================================================
[  232.401115][ T8595] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  232.409003][ T8595] CPU: 0 UID: 0 PID: 8595 Comm: syz.2.1022 Tainted: G    B              6.13.0-rc7-syzkaller-00209-g9528d418de4d #0
[  232.421482][ T8595] Tainted: [B]=BAD_PAGE
[  232.425831][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  232.435934][ T8595] Call Trace:
[  232.439274][ T8595]  <TASK>
[  232.442250][ T8595]  dump_stack_lvl+0x3d/0x1f0
[  232.446887][ T8595]  panic+0x71d/0x800
[  232.450865][ T8595]  ? __pfx_panic+0x10/0x10
[  232.455345][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  232.461033][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  232.466720][ T8595]  ? preempt_schedule_common+0x44/0xc0
[  232.472233][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  232.477916][ T8595]  ? preempt_schedule_thunk+0x1a/0x30
[  232.483346][ T8595]  end_report+0x169/0x180
[  232.487726][ T8595]  kasan_report+0xe9/0x110
[  232.492183][ T8595]  ? __sock_queue_rcv_skb+0x2c8/0xa80
[  232.497609][ T8595]  ? __sock_queue_rcv_skb+0x2c8/0xa80
[  232.503020][ T8595]  kasan_check_range+0xef/0x1a0
[  232.507912][ T8595]  __sock_queue_rcv_skb+0x2c8/0xa80
[  232.513164][ T8595]  sock_queue_rcv_skb_reason+0xa2/0xe0
[  232.518848][ T8595]  mgmt_cmd_status+0x304/0x520
[  232.523660][ T8595]  cmd_complete_rsp+0x165/0x1e0
[  232.528561][ T8595]  mgmt_pending_foreach+0xe2/0x140
[  232.533729][ T8595]  ? __pfx_cmd_complete_rsp+0x10/0x10
[  232.539154][ T8595]  __mgmt_power_off+0x12a/0x2c0
[  232.544059][ T8595]  ? __pfx___mgmt_power_off+0x10/0x10
[  232.549504][ T8595]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  232.555594][ T8595]  ? lockdep_hardirqs_on+0x7c/0x110
[  232.560868][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  232.566563][ T8595]  ? 0xffffffff81000000
[  232.570762][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  232.576462][ T8595]  hci_dev_close_sync+0xcbb/0x11a0
[  232.581636][ T8595]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  232.587247][ T8595]  hci_dev_do_close+0x2e/0x90
[  232.592283][ T8595]  hci_dev_close+0x183/0x1e0
[  232.596956][ T8595]  hci_sock_ioctl+0x2b5/0x7d0
[  232.601733][ T8595]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  232.607027][ T8595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  232.613076][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  232.618791][ T8595]  sock_do_ioctl+0x119/0x280
[  232.623458][ T8595]  ? __pfx_sock_do_ioctl+0x10/0x10
[  232.628656][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  232.634338][ T8595]  sock_ioctl+0x228/0x6c0
[  232.638734][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  232.643631][ T8595]  ? srso_alias_return_thunk+0x5/0xfbef5
[  232.649296][ T8595]  ? __fget_files+0x206/0x3a0
[  232.654038][ T8595]  ? __pfx_sock_ioctl+0x10/0x10
[  232.658984][ T8595]  __x64_sys_ioctl+0x193/0x200
[  232.663796][ T8595]  do_syscall_64+0xcd/0x250
[  232.668354][ T8595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.674296][ T8595] RIP: 0033:0x7f034dd85d29
[  232.678742][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.698510][ T8595] RSP: 002b:00007f034ebe5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  232.706968][ T8595] RAX: ffffffffffffffda RBX: 00007f034df75fa0 RCX: 00007f034dd85d29
[  232.714975][ T8595] RDX: 0000000000000000 RSI: 00000000400448ca RDI: 0000000000000004
[  232.722965][ T8595] RBP: 00007f034de01b08 R08: 0000000000000000 R09: 0000000000000000
[  232.730970][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  232.738968][ T8595] R13: 0000000000000000 R14: 00007f034df75fa0 R15: 00007ffc75ec7218
[  232.746974][ T8595]  </TASK>
[  232.750363][ T8595] Kernel Offset: disabled
[  232.754697][ T8595] Rebooting in 86400 seconds..