[Bug] KASAN: slab-use-after-free Read in fserror_worker

[Yue Sun]

Hello,

We hit a fserror_worker crash, and it looks distinct from the existing public
syzbot report (https://syzkaller.appspot.com/bug?extid=fbf6ff30de890ff32ec5).
This bug was reproduced on current upstream:
7.1.0-11610-gab9de95c9cf9
ab9de95c9cf9 ("Merge tag 'rust-7.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ojeda/linux")

Crash summary:

--- begin crash log ---
[ 875.659778][T118233] XFS (loop0): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x50.
[ 875.660317][T118212] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N.
[ 875.663107][T118212] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00 .......]........
[ 875.664381][T118212] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.665098][T118212] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.665815][T118212] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.666762][T118212] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.667485][T118212] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x250/0x500" at daddr 0x28 len 8 error 74
[ 875.670176][ T3272] sd 5:0:0:0: [sdd] Attached SCSI removable disk
[ 875.673320][T118212] XFS (loop1): Failed to recover leftover CoW staging extents, err -117.
[ 875.674470][T118212] XFS (loop1): Filesystem has been shut down due to log error (0x2).
[ 875.675339][T118212] XFS (loop1): Please unmount the filesystem and rectify the problem(s).
[ 875.676032][T118212] XFS (loop1): Ending recovery (logdev: internal)
[ 875.676722][T118212] XFS (loop1): Failed to initialize disk quotas, err -5.
[ 875.679116][T118212] XFS (loop1): Error -5 reserving per-AG metadata reserve pool.
[ 875.698044][T118266] loop3: detected capacity change from 0 to 32768
[ 875.711641][T118233] XFS (loop0): Starting recovery (logdev: internal)
[ 875.716233][T118266] xfs: Deprecated parameter 'ikeep'
[ 875.716759][T118266] XFS: ikeep mount option is deprecated.
[ 875.731871][T118266] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[ 875.733072][T118266] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 875.733803][T118233] XFS (loop0): Metadata CRC error detected at xfs_refcountbt_read_verify+0x27/0xe0, xfs_refcountbt block 0x28
[ 875.734788][T118233] XFS (loop0): Unmount and run xfs_repair
[ 875.737014][T118233] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[ 875.737659][T118233] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff R...............
[ 875.751280][T118233] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 .......(........
[ 875.755388][ T34] sd 5:0:0:1: [sdb] Test Unit Ready failed: Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[ 875.759663][ T3761] sd 5:0:0:1: Attached scsi generic sg3 type 0
[ 875.764775][T118266] XFS (loop3): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x50.
[ 875.768089][T118233] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N.
[ 875.768850][T118233] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00 .......]........
[ 875.769579][T118266] XFS (loop3): Starting recovery (logdev: internal)
[ 875.776769][ T34] sd 5:0:0:1: [sdb] Read Capacity(10) failed: Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[ 875.777698][ T34] sd 5:0:0:1: [sdb] Sense not available.
[ 875.778230][ T34] sd 5:0:0:1: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[ 875.778789][ T34] sd 5:0:0:1: [sdb] 0-byte physical blocks
[ 875.779324][ T34] sd 5:0:0:1: [sdb] Test WP failed, assume Write Enabled
[ 875.779362][T118233] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.779930][ T34] sd 5:0:0:1: [sdb] Asking for cache data failed
[ 875.780621][T118233] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.781190][ T34] sd 5:0:0:1: [sdb] Assuming drive cache: write through
[ 875.792001][T118233] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.792763][T118233] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.798807][T118373] sd 5:0:0:0: [sdd] Test Unit Ready failed: Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[ 875.800703][T118233] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x250/0x500" at daddr 0x28 len 8 error 74
[ 875.806620][T118266] XFS (loop3): Metadata CRC error detected at xfs_refcountbt_read_verify+0x27/0xe0, xfs_refcountbt block 0x28
[ 875.807603][T118266] XFS (loop3): Unmount and run xfs_repair
[ 875.808077][T118266] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[ 875.808746][T118233] XFS (loop0): Failed to recover leftover CoW staging extents, err -117.
[ 875.818011][T118233] XFS (loop0): Filesystem has been shut down due to log error (0x2).
[ 875.818698][T118233] XFS (loop0): Please unmount the filesystem and rectify the problem(s).
[ 875.819395][T118233] XFS (loop0): Ending recovery (logdev: internal)
[ 875.822147][T118266] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff R...............
[ 875.822869][T118266] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 .......(........
[ 875.823572][T118266] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N.
[ 875.825297][T118233] XFS (loop0): Failed to initialize disk quotas, err -5.
[ 875.825943][T118233] XFS (loop0): Error -5 reserving per-AG metadata reserve pool.
[ 875.835513][T118266] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00 .......]........
[ 875.836255][T118266] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.836969][T118266] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.849886][T118266] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.850652][T118266] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 875.855372][T118266] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x250/0x500" at daddr 0x28 len 8 error 74
[ 875.856389][T118266] XFS (loop3): Failed to recover leftover CoW staging extents, err -117.
[ 875.866899][T118266] XFS (loop3): Filesystem has been shut down due to log error (0x2).
[ 875.867581][T118266] XFS (loop3): Please unmount the filesystem and rectify the problem(s).
[ 875.870452][T118266] XFS (loop3): Ending recovery (logdev: internal)
[ 875.871615][T118266] XFS (loop3): Failed to initialize disk quotas, err -5.
[ 875.872244][T118266] XFS (loop3): Error -5 reserving per-AG metadata reserve pool.
[ 875.897244][ T34] sd 5:0:0:1: [sdb] Attached SCSI removable disk
[ 875.926018][T118339] loop2: detected capacity change from 0 to 32768
[ 875.930678][T118339] xfs: Deprecated parameter 'ikeep'
[ 875.934239][T118339] XFS: ikeep mount option is deprecated.
[ 875.967331][ T24] ==================================================================
[ 875.968023][ T24] BUG: KASAN: slab-use-after-free in fserror_worker+0x2f0/0x320
[ 875.968628][ T24] Read of size 8 at addr ff110000581b4050 by task kworker/1:0/24
[ 875.969243][ T24]
[ 875.969434][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 7.1.0-11610-gab9de95c9cf9 #36 PREEMPT(full)
[ 875.969445][ T24] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 875.969451][ T24] Workqueue: events fserror_worker
[ 875.969471][ T24] Call Trace:
[ 875.969475][ T24] <TASK>
[ 875.969479][ T24] dump_stack_lvl+0x116/0x1b0
[ 875.969512][ T24] print_report+0xf1/0x5c0
[ 875.969522][ T24] ? __virt_addr_valid+0x238/0x420
[ 875.969532][ T24] ? fserror_worker+0x2f0/0x320
[ 875.969542][ T24] kasan_report+0xca/0x100
[ 875.969552][ T24] ? fserror_worker+0x2f0/0x320
[ 875.969563][ T24] fserror_worker+0x2f0/0x320
[ 875.969573][ T24] ? __pfx_fserror_worker+0x10/0x10
[ 875.969584][ T24] ? _raw_spin_unlock_irq+0x23/0x50
[ 875.969595][ T24] process_one_work+0x9de/0x1bf0
[ 875.969605][ T24] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10
[ 875.969616][ T24] ? __pfx_process_one_work+0x10/0x10
[ 875.969625][ T24] ? __pfx_fserror_worker+0x10/0x10
[ 875.969636][ T24] worker_thread+0x693/0xeb0
[ 875.969645][ T24] ? __pfx_worker_thread+0x10/0x10
[ 875.969653][ T24] kthread+0x38d/0x4a0
[ 875.969666][ T24] ? __pfx_kthread+0x10/0x10
[ 875.969678][ T24] ret_from_fork+0xb09/0xdb0
[ 875.969688][ T24] ? __pfx_ret_from_fork+0x10/0x10
[ 875.969697][ T24] ? __pfx_kthread+0x10/0x10
[ 875.969709][ T24] ? kthread_affine_node+0x210/0x230
[ 875.969722][ T24] ? __switch_to+0x7a7/0x10e0
[ 875.969734][ T24] ? __pfx_kthread+0x10/0x10
[ 875.969747][ T24] ret_from_fork_asm+0x1a/0x30
[ 875.969761][ T24] </TASK>
[ 875.969764][ T24]
[ 875.981630][ T24] Allocated by task 118233:
[ 875.981984][ T24] kasan_save_stack+0x24/0x50
[ 875.982352][ T24] kasan_save_track+0x14/0x30
[ 875.982720][ T24] __kasan_kmalloc+0xaa/0xb0
[ 875.983084][ T24] __kmalloc_cache_noprof+0x2d5/0x6c0
[ 875.983507][ T24] sget_fc+0x1aa/0x1b20
[ 875.983842][ T24] get_tree_bdev_flags+0x1b7/0x620
[ 875.984247][ T24] vfs_get_tree+0x93/0x340
[ 875.984602][ T24] fc_mount+0x1a/0x220
[ 875.984928][ T24] path_mount+0x76e/0x20a0
[ 875.985298][ T24] __x64_sys_mount+0x293/0x310
[ 875.985683][ T24] do_syscall_64+0x11f/0x860
[ 875.986052][ T24] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 875.986516][ T24]
[ 875.986702][ T24] Freed by task 982:
[ 875.987009][ T24] kasan_save_stack+0x24/0x50
[ 875.987382][ T24] kasan_save_track+0x14/0x30
[ 875.987749][ T24] kasan_save_free_info+0x3b/0x60
[ 875.988147][ T24] __kasan_slab_free+0x61/0x80
[ 875.988522][ T24] kfree+0x2ca/0x6d0
[ 875.988834][ T24] process_one_work+0x9de/0x1bf0
[ 875.989221][ T24] worker_thread+0x693/0xeb0
[ 875.989595][ T24] kthread+0x38d/0x4a0
[ 875.989921][ T24] ret_from_fork+0xb09/0xdb0
[ 875.990287][ T24] ret_from_fork_asm+0x1a/0x30
[ 875.990663][ T24]
[ 875.990849][ T24] Last potentially related work creation:
[ 875.991292][ T24] kasan_save_stack+0x24/0x50
[ 875.991659][ T24] kasan_record_aux_stack+0xa7/0xc0
[ 875.992070][ T24] insert_work+0x36/0x230
[ 875.992407][ T24] __queue_work+0x9ff/0x12a0
[ 875.992771][ T24] queue_work_on+0x11c/0x140
[ 875.993132][ T24] rcu_core+0x59e/0x1130
[ 875.993476][ T24] handle_softirqs+0x1d4/0x980
[ 875.993855][ T24] run_ksoftirqd+0x3a/0x60
[ 875.994206][ T24] smpboot_thread_fn+0x3d4/0xaa0
[ 875.994597][ T24] kthread+0x38d/0x4a0
[ 875.994923][ T24] ret_from_fork+0xb09/0xdb0
[ 875.995292][ T24] ret_from_fork_asm+0x1a/0x30
[ 875.995684][ T24]
[ 875.995880][ T24] Second to last potentially related work creation:
[ 875.996386][ T24] kasan_save_stack+0x24/0x50
[ 875.996755][ T24] kasan_record_aux_stack+0xa7/0xc0
[ 875.997166][ T24] __call_rcu_common.constprop.0+0xa4/0xa00
[ 875.997638][ T24] deactivate_locked_super+0x171/0x1a0
[ 875.998078][ T24] get_tree_bdev_flags+0x44d/0x620
[ 875.998484][ T24] vfs_get_tree+0x93/0x340
[ 875.998837][ T24] fc_mount+0x1a/0x220
[ 875.999163][ T24] path_mount+0x76e/0x20a0
[ 875.999513][ T24] __x64_sys_mount+0x293/0x310
[ 875.999888][ T24] do_syscall_64+0x11f/0x860
[ 876.000253][ T24] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 876.000713][ T24]
[ 876.000899][ T24] The buggy address belongs to the object at ff110000581b4000
[ 876.000899][ T24] which belongs to the cache kmalloc-4k of size 4096
[ 876.001975][ T24] The buggy address is located 80 bytes inside of
[ 876.001975][ T24] freed 4096-byte region [ff110000581b4000, ff110000581b5000)
[ 876.003027][ T24]
[ 876.003214][ T24] The buggy address belongs to the physical page:
[ 876.003711][ T24] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x581b0
[ 876.004385][ T24] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 876.005039][ T24] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 876.005628][ T24] page_type: f5(slab)
[ 876.005946][ T24] raw: 00fff00000000040 ff11000100038140 dead000000000100 dead000000000122
[ 876.006613][ T24] raw: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[ 876.007276][ T24] head: 00fff00000000040 ff11000100038140 dead000000000100 dead000000000122
[ 876.007948][ T24] head: 0000000000000000 0000000800040004 00000000f5000000 0000000000000000
[ 876.008617][ T24] head: 00fff00000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 876.009286][ T24] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 876.009960][ T24] page dumped because: kasan: bad access detected
[ 876.010456][ T24] page_owner tracks the page as allocated
[ 876.010903][ T24] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 151, tgid 151 (kworker/u8:6), ts 81232107209, free_ts 81051416283
[ 876.012480][ T24] post_alloc_hook+0xff/0x130
[ 876.012854][ T24] get_page_from_freelist+0xe82/0x2bf0
[ 876.013285][ T24] __alloc_frozen_pages_noprof+0x27b/0x2a00
[ 876.013758][ T24] new_slab+0xad/0x610
[ 876.014084][ T24] refill_objects+0x10e/0x3d0
[ 876.014458][ T24] __pcs_replace_empty_main+0x352/0x670
[ 876.014898][ T24] __kmalloc_node_track_caller_noprof+0x658/0x860
[ 876.015407][ T24] kmalloc_reserve+0xe6/0x350
[ 876.015782][ T24] __alloc_skb+0x192/0x740
[ 876.016135][ T24] nsim_dev_trap_report_work+0x2b1/0xd40
[ 876.016580][ T24] process_one_work+0x9de/0x1bf0
[ 876.016969][ T24] worker_thread+0x693/0xeb0
[ 876.017332][ T24] kthread+0x38d/0x4a0
[ 876.017664][ T24] ret_from_fork+0xb09/0xdb0
[ 876.018028][ T24] ret_from_fork_asm+0x1a/0x30
[ 876.018408][ T24] page last free pid 9285 tgid 9285 stack trace:
[ 876.018899][ T24] free_pages_prepare+0x54b/0xd20
[ 876.019295][ T24] __free_contig_range_common+0x165/0x240
[ 876.019744][ T24] free_pages_bulk+0x125/0x1a0
[ 876.020126][ T24] vm_area_free_pages+0x17c/0x290
[ 876.020530][ T24] vfree+0x125/0x780
[ 876.020841][ T24] delayed_vfree_work+0x57/0x70
[ 876.021227][ T24] process_one_work+0x9de/0x1bf0
[ 876.021625][ T24] worker_thread+0x693/0xeb0
[ 876.021990][ T24] kthread+0x38d/0x4a0
[ 876.022319][ T24] ret_from_fork+0xb09/0xdb0
[ 876.022688][ T24] ret_from_fork_asm+0x1a/0x30
[ 876.023068][ T24]
[ 876.023258][ T24] Memory state around the buggy address:
[ 876.023698][ T24] ff110000581b3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 876.024326][ T24] ff110000581b3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 876.024951][ T24] >ff110000581b4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 876.025582][ T24] ^
[ 876.026103][ T24] ff110000581b4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 876.026734][ T24] ff110000581b4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 876.027358][ T24] ==================================================================
[ 876.059301][T118339] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[ 876.060863][T118339] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 876.061104][ T24] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 876.061116][ T24] CPU: 1 UID: 0 PID: 24 Comm: kworker/1:0 Not tainted 7.1.0-11610-gab9de95c9cf9 #36 PREEMPT(full)
[ 876.061128][ T24] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 876.061134][ T24] Workqueue: events fserror_worker
[ 876.061150][ T24] Call Trace:
[ 876.061154][ T24] <TASK>
[ 876.061158][ T24] dump_stack_lvl+0x3d/0x1b0
[ 876.061173][ T24] vpanic+0x7f2/0xa70
[ 876.061187][ T24] ? __pfx_vpanic+0x10/0x10
[ 876.061200][ T24] panic+0xc2/0xd0
[ 876.061211][ T24] ? __pfx_panic+0x10/0x10
[ 876.061224][ T24] ? preempt_schedule_common+0x44/0xb0
[ 876.061235][ T24] ? fserror_worker+0x2f0/0x320
[ 876.061245][ T24] ? preempt_schedule_thunk+0x16/0x40
[ 876.061258][ T24] ? check_panic_on_warn+0x1f/0xc0
[ 876.061270][ T24] ? fserror_worker+0x2f0/0x320
[ 876.061280][ T24] check_panic_on_warn+0xb1/0xc0
[ 876.061292][ T24] ? fserror_worker+0x2f0/0x320
[ 876.061302][ T24] end_report+0x12c/0x180
[ 876.061312][ T24] ? fserror_worker+0x2f0/0x320
[ 876.061321][ T24] kasan_report+0xd8/0x100
[ 876.061330][ T24] ? fserror_worker+0x2f0/0x320
[ 876.061341][ T24] fserror_worker+0x2f0/0x320
[ 876.061350][ T24] ? __pfx_fserror_worker+0x10/0x10
[ 876.061361][ T24] ? _raw_spin_unlock_irq+0x23/0x50
[ 876.061372][ T24] process_one_work+0x9de/0x1bf0
[ 876.061382][ T24] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10
[ 876.061392][ T24] ? __pfx_process_one_work+0x10/0x10
[ 876.061402][ T24] ? __pfx_fserror_worker+0x10/0x10
[ 876.061412][ T24] worker_thread+0x693/0xeb0
[ 876.061421][ T24] ? __pfx_worker_thread+0x10/0x10
[ 876.061429][ T24] kthread+0x38d/0x4a0
[ 876.061442][ T24] ? __pfx_kthread+0x10/0x10
[ 876.061454][ T24] ret_from_fork+0xb09/0xdb0
[ 876.061480][ T24] ? __pfx_ret_from_fork+0x10/0x10
[ 876.061489][ T24] ? __pfx_kthread+0x10/0x10
[ 876.061501][ T24] ? kthread_affine_node+0x210/0x230
[ 876.061514][ T24] ? __switch_to+0x7a7/0x10e0
[ 876.061526][ T24] ? __pfx_kthread+0x10/0x10
[ 876.061539][ T24] ret_from_fork_asm+0x1a/0x30
[ 876.061552][ T24] </TASK>
[ 876.061684][ T24] Kernel Offset: disabled
--- end crash log ---

Syzkaller syz repro usage:

Save the syz program below as repro.prog, copy syz-execprog and syz-executor
from a matching syzkaller build into a VM booted with the target kernel, then
run:

chmod +x ./syz-execprog ./syz-executor
./syz-execprog -executor=./syz-executor -arch=amd64 -os=linux \
-sandbox=none -procs=4 -repeat=0 -threaded=true -collide=false \
-cover=0 \
-enable=tun,net_dev,net_reset,cgroups,binfmt_misc,close_fds,usb,vhci,wifi,ieee802154,sysctl,swap \
-optional=slowdown=1:sandbox_arg=0:type=qemu ./repro.prog

Syzkaller syz repro.prog:

--- begin repro.prog ---
# {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false CallComments:true LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}
syz_mount_image$xfs(&(0x7f0000009700), &(0x7f0000009740)='./file0\x00', 0x4200000, &(0x7f0000000180)={[{@filestreams}, {@nouuid}, {@ikeep}, {@sysvgroups}, {@dax}, {@dax}, {@prjquota}, {@largeio}, {@gquota}]}, 0x1, 0x97de, &(0x7f000002f540)="$eJzs3QWcrWWheP85cIBDhyBYgJSYpIQo0qGIkqKEIC0pIAJKhxIqKAIqKKB0d3cj3d3d3fH/HDiAHhdcvP/7u3Bda308s2fH7Hn2832f19nzDnsvNd9icw0MjDPwZm+dvtO5u92x3OJjLrTecbsMvn6vHRd+eNjFI795Mu4cw07nHHY618DAwKBh9zPozcsGz37scSMMDB4Y+r93GmPU0UYYY2BgtGFnh93PwMxvnoy+/1u3e324eKCTDv12O7z5743GHHonQz9ZZvlX1x4YGBjyD18/dFzT/ssDlbbUnPPP947V224jDLt60DvXvXE6+M1/o+87MDD63gPvvn0Mve1I//C1/5sN/Z7jTD6wxB0fwPf+P9dSc86/4HD+Q9fiiMMum3noGh9+DRobfjvfcbE1Hhw2hYOGTdzgf1gvH8R2/99qqTnnW2jg3dfxwMLzbvrA62/sNwfPMzAweN6BgcHzDQwMnv+D9qj/mT7Qja+qqqo+kOaca4ahz9lHGO7ngSFv/VxLPxde+Mp09wwMDF74zeeJg5d/67lgVVVVVVVVVX04m3OuGeaG5//jvNfz/0lP2Wbcnv9XVVVVVVVV/d9pwTnnmmHoc/3hnv9P9F7P/5946LD93vzb/zlmfvOrXvtgH0RVVVVVVVVVvWfzLYjP/yd9r+f/Fx876WU9/6+qqqqqqqr6v9Oir7/++ub/8Dp7wy6e+q3r6fn/affftuwHNuCqqqqqqqqq+rd77dGTT3/nNd8nHhju9d7faNjvBQYdeeYVV3xgA/1wNOhffx+yxQc9pv+/DXUecvCkAwNrL/FBD6U+gP7PvFZ9/T8pf3f5u8vfXf7u8neXv7v83eXvLn93+bvL313+7vIX9y7H/99+/f/Tjl7xrfeC/8yUM9xw8jtf+cZ7/w9eeMFHt/yAhv5B9J96/H9g9UEDA8N8x1l9YGBg4TkXXXzqgYGBk2+YYcopBt6+bpah18023ohvvEH8W/+ZyLzj8h1vMdmbp0M3lIHx376PI9+4/wVf32fEQcMN4h8a9/j99lttqednHP50qnd/HCO8/dmYxz301n/LMsJwNxryLl/81v2/9ViGdx429qmHjn2aDdZad5r1N97ki6uvtcKqK6+68tqzTj/TdDPOOutMM02zyuprrjztmx/fbc4mfePj3O9nzsYYfs4enfMf52z4x/Zuczbpe8/ZG/e460VDvv7WnA3+N+ds7vees0lXH/aNxp1jpIHl35ibQQMD484z0sBGQ89MN8rAwLjzDrvtRENv+9XxRhgY2PmdBzr0s1He3gYHbTH0NkvNt9hcb+6mBgbeOX2nd3k/+5GHjXyOYadzDjud681vM87AO5vi4NmPPW6EoXPxT9MxxqijjTDGwMBow84Ou5+BWd88Ge2Ut273Lu+zPtxA33iZlR3e/PdGYw4MDIw+9JOJVzht26FT/7/wPu3/rf///xevWQa9vT0OGvZv2G3e9Jpz/gXf+V5vTMPQuRtx2GUzDzX5H35r+3/qX8Y76ZCBSd9jvO/xujhvRNvXmidPsNX/1Ovi0Hgneo/xvsfr+L7reJe8Z48H37yr/7HxDrevW+iNj3O8n33dwHvv60akO1j50k8Nv6/75rsP8Z92l2/N0SjD3ejd9nUT7TnJFkPvf4733tctNHTsI/3Tvm6EgYFx535rXzd0xzffSAM7Dz0z/dAz8480cODQMzO8cWbUgTOHnvnSiuusudLQCxb41+1g6kH/9AeasM7mG26dDfqHxz5ouL/vHPzm6ej7vvUeTu+y3xw07GH9l/sK2m7HeY/xvsf7T+E8D71spaOGTPA/9f5TNN4h7z3ed3u/7Hcd707PnXbH//B4315nI/3DdC3wftbZpP+8zoY+xBH/YWW835/DVoLbv/n5RG/f24abPfT2zxQjDXe//9XPFAu89zobZ/Xhvm77vQcGvdfczP9+5uaT/7IP2vIf5+b9/rw19eRvXj/ie8zNKLMuN9VbczPyvzk38/+7czPHwIj/PDeDB+YdGBiYYtj+Yb73MzcTvffcvN/tZjS4/Zufr/z2RfPsePD5b83N8HPxX83NfP/u3Ez69nYzxRvXTTbCwMgjD2y0wgYbrDfdmx/fOjv9mx/few3O837mcpz/mbn8+OB3m8t3NtUx7rls3/9iDf7LPv2t+5/n353LgbfncmD14RdLfVjr93/u8neXv7v83eXvLn93+Yt7l+P/b7/+/+7jzLbLsF9ujHTZJBNu90GP9wPuP/r4/zDffzr+v92Ek1w2wsDb173n8dk3b/OhPD4785sno+//1u2GPz7IA33347N7zzrzNv9Lx2f/W721Vt/H7+Ha/7vL313+7vJ3l7+7/N3l7y5/d/m7y99d/u7yd5e/u/zFvcvx/2nf+juA+6db5KlhB0JHenjrpRf5oMf7Afcfffx/mO8/Hf9fZOmtHx5h4O3r3vP4/5u3cRz/v+vl+Xb6MB//f2utdvy//ovyd5e/u/zd5e8uf3f5u8vfXf7u8neXv7v83eXvLn9x73L8f463/g7gsMP22OStvwe4ZtwdTv6gx/sB9596/H/IwYN6/39p7f/d5e8uf3f5u8vfXf7u8neXv7v/pv/w75xV/0dr/bvL313+7vJ3l7+4Ycf/B4Z7e8vvtF1gcPz//3bv4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/h/N3/M4r9U/pjF/3v5Yxb/7+ePWfyXzh+z+C+TP2bxXzZ/zOK/XP6Yxf8H+WMW/+Xzxyz+K+SPWfx/mD9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+P8of8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+P84f8ziv17+mMV//fwxi/8G+WMW/5/kj1n8N8wfs/j/NH/M4r9R/pjFf+P8MYv/JvljFv+f5Y9Z/H+eP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/xf5Yxb/X+aPWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf9X+WMW/1/nj1n8f5M/ZvHfOX/M4r9L/pjF/7f5Yxb/3+WPWfx3zR+z+P8+f8ziv1v+mMV/9/wxi/8e+WMW/z/kj1n8/5g/ZvH/U/6YxX/P/DGL/175Yxb/P+ePWfz/kj9m8d87f8ziv0/+mMV/3/wxi/9f88cs/n/LH7P475c/ZvHfP3/M4n9A/pjF/8D8MYv/QfljFv+D88cs/ofkj1n8D80fs/gflj9m8T88f8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+x+SPWfyPzR+z+B+XP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP6n5I9Z/E/NH7P4n5Y/ZvE/PX/M4n9G/pjF/8z8MYv/WfljFv+z88cs/ufkj1n8z80fs/iflz9m8T8/f8zif0H+mMX/wvwxi/9F+WMW/4vzxyz+f88fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxif+ggfwxi/+g/DGL/wj5Yxb/EfPHLP6D88cs/iPlj1n8R84fs/iPkj9m8R+SP2bxHzV/zOI/Wv6YxX/0/DGL/xj5Yxb/MfPHLP5j5Y9Z/MfOH7P4j5M/ZvEfN3/M4j9e/pjF/yP5Yxb/8fPHLP4T5I9Z/D+aP2bxnzB/zOI/Uf6Yxf9j+WMW/4/nj1n8P5E/ZvH/ZP6Yxf9T+WMW/4nzxyz+k+SPWfwnzR+z+H86f8ziP9lb/kM+oHF9SLP4T976xyz+U+SPWfynzB+z+E+VP2bx/0z+mMV/6vwxi/9n88cs/p/LH7P4fz5/zOL/hfwxi/8X88cs/l/KH7P4T5M/ZvGfNn/M4j9d/pjFf/r8MYv/DPljFv8Z88cs/l/OH7P4z5Q/ZvGfOX/M4j9L/pjFf9b8MYv/V/LHLP6z5Y9Z/L+aP2bx/1r+mMV/9vwxi//X88cs/nPkj1n858wfs/jPlT9m8Z87f8ziP0/+mMV/3vwxi/98+WMW//nzxyz+C+SPWfwXzB+z+H8jf8zi/838MYv/QvljFv9v5Y9Z/BfOH7P4fzt/zOL/nfwxi/8i+WMW/0Xzxyz+i+WPWfwXzx+z+C+RP2bxXzJ/zOL/3fwxi/9S+WMW/+/lj1n8v58/ZvFfOn/M4r9M/pjFf9n8MYv/cvljFv8f5I9Z/JfPH7P4r5A/ZvH/Yf6YxX/F/DGL/0r5Yxb/lfPHLP6r5I9Z/FfNH7P4r5Y/ZvFfPX/M4v+j/DGL/xr5Yxb/NfPHLP5r5Y9Z/NfOH7P4r5M/ZvFfN3/M4v/j/DGL/3r5Yxb/9fPHLP4b5I9Z/H+SP2bx3zB/zOL/0/wxi/9G+WMW/43zxyz+m+SPWfx/lj9m8f95/pjFf9P8MYv/ZvljFv/N88cs/lvkj1n8t8wfs/hvlT9m8d86f8ziv03+mMV/2/wxi/92+WMW/1/kj1n8f5k/ZvHfPn/M4r9D/pjFf8f8MYv/TvljFv9f5Y9Z/H+dP2bx/03+mMV/5/wxi/8u+WMW/9/mj1n8f5c/ZvHfNX/M4v/7/DGL/275Yxb/3fPHLP575I9Z/P+QP2bx/2P+mMX/T/ljFv8988cs/nvlj1n8/5w/ZvH/S/6YxX/v/DGL/z75Yxb/ffPHLP5/zR+z+P8tf8ziv1/+mMV///wxi/8B/+x/3//6uD6kWfwPbP1jFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mfljFv+z8scs/mfnj1n8z8kfs/ifmz9m8T8vf8zif37+mMX/gvwxi/+F+WMW/4vyxyz+F+ePSfzfKP9/TeI/6JL8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5j/yHShxf+l/DGL/8v5Yxb/V/LHLP6v5o9Z/F/LH7P4v54/JvF/49P8/zWL/6D8MYv/CPljFv8R88cs/oPzxyz+I+WPWfxHzh+z+I+SP2bxH5I/ZvEfNX/M4j9a/pjFf/T8MYv/GPljFv8x88cs/mPlj1n8x84fs/iPkz9m8R83f8ziP17+mMX/I/ljFv/x88cs/hPkj1n8P5o/ZvGfMH/M4j9R/pjF/2P5Yxb/j+ePWfw/kT9m8f9k/pjF/1P5Yxb/ifPHLP6T5I9Z/CfNH7P4fzp/zOI/Wf6YxX/y/DGL/xT5Yxb/KfPHLP5T5Y9Z/D+TP2bxnzp/zOL/2fwxi//n8scs/p/PH7P4fyF/zOL/xfwxi/+X8scs/tPkj1n8p80fG3TubiMNDAz8x/tPlz9mWf/T549Z/GfIH7P4z5g/ZvH/cv6YxX+m/DGL/8z5Yxb/WfLHLP6z5o9Z/L+SP2bxny1/zOL/1fwxi//X8scs/rPnj1n8v54/ZvGfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n858sfs/jPnz9m8V8gf8ziv2D+mMX/G/ljFv9v5o9Z/BfKH7P4fyt/zOK/cP6Yxf/b+WMW/+/kj1n8F8kfs/gvmj9m8V8sf8ziv3j+mMV/ifwxi/+S+WMW/+/mj1n8l8ofs/h/L3/M4v/9/DGL/9L5Yxb/ZfLHLP7L5o9Z/JfLH7P4/yB/zOK/fP6YxX+F/DGL/w/zxyz+K+aPWfxXyh+z+K+cP2bxXyV/zOK/av6YxX+1/DGL/+r5Yxb/H+WPWfzXyB+z+K+ZP2bxXyt/zOK/dv6YxX+d/DGL/7r5Yxb/H+ePWfzXyx+z+K+fP2bx3yB/zOL/k/wxi/+G+WMW/5/mj1n8N8ofs/hvnD9m8d8kf8zi/7P8MYv/z/PHLP6b5o9Z/DfLH7P4b54/ZvHfIn/M4r9l/pjFf6v8MYv/1vljFv9t8scs/tvmj1n8t8sfs/j/In/M4v/L/DGL//b5Yxb/HfLHLP475o9Z/HfKH7P4/yp/zOL/6/wxi/9v8scs/jvnj1n8d8kfs/j/Nn/M4v+7/DGL/675Yxb/3+ePWfx3yx+z+O+eP2bx3yN/zOL/h/wxi/8f88cs/n/KH7P475k/ZvHfK3/M4v/n/DGL/1/yxyz+e+ePWfz3yR+z+O+bP2bx/2v+mMX/b/ljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf/v+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rn/2n+N/fVwf0iz+d7f+MYv/PfljFv9788cs/vflj1n8788fs/g/kD9m8X8wf8zi/1D+mMX/4fwxi/8j+WMW/0fzxyz+j+WPWfwfzx+z+D+RP2bxfzJ/zOL/VP6Yxf/p/DGL/zP5Yxb/Z/PHLP7P5Y9Z/J/PH7P4v5A/ZvF/MX/M4v9S/pjF/+X8MYv/K/ljFv9X88cs/q/lj1n8X88fk/iPOJA/ZvEflD9m8R8hf8ziP2L+mMV/cP6YxX+k/DGL/8j5Yxb/UfLHLP5D8scs/qPmj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/3Hyxyz+4+aPWfzHyx+z+H8kf8ziP37+mMV/gvwxi/9H88cs/hPmj1n8J8ofs/h/LH/M4v/x/DGL/yfyxyz+n8wfs/h/Kn/M4j9x/pjFf5L8MYv/pPljFv9P549Z/CfLH7P4T54/ZvGfIn/M4j9l/pjFf6r8MYv/Z/LHLP5T549Z/D+bP2bx/1z+mMX/8/ljFv8v5I9Z/L+YP2bx/1L+mMV/mvwxi/+0+WMW/+nyxyz+0+ePWfxnyB+z+M+YP2bx/3L+mMV/pvwxi//M+WMW/1nyxyz+s+aPWfy/kj9m8Z8tf8zi/9X8MYv/1/LHLP6z549Z/L+eP2bxnyN/zOI/Z/6YxX+u/DGL/9z5Yxb/efLHLP7z5o9Z/OfLH7P4z58/ZvFfIH/M4r9g/pjF/xv5Yxb/b+aPWfwXyh+z+H8rf8ziv3D+mMX/2/ljFv/v5I9Z/BfJH7P4L5o/ZvFfLH/M4r94/pjFf4n8MYv/kvljFv/v5o9Z/JfKH7P4fy9/zOL//fwxi//S+WMW/2Xyxyz+y+aPWfyXyx+z+P8gf8ziv3z+mMV/hfwxi/8P88cs/ivmj1n8V8ofs/ivnD9m8V8lf8ziv2r+mMV/tfwxi//q+WMW/x/lj1n818gfs/ivmT9m8V8rf8ziv3b+mMV/nfwxi/+6+WMW/x/nj1n818sfs/ivnz9m8d8gf8zi/5P8MYv/hvljFv+f5o9Z/DfKH7P4b5w/ZvHfJH/M4v+z/DGL/8/zxyz+m+aPWfw3yx+z+G+eP2bx3yJ/zOK/Zf6YxX+r/DGL/9b5Yxb/bfLHLP7b5o9Z/LfLH7P4/yJ/zOL/y/wxi//2+WMW/x3yxyz+O+aPWfx3yh+z+P8qf8zi/+v8MYv/b/LHLP47549Z/HfJH7P4/zZ/zOL/u/wxi/+u+WMW/9/nj1n8d8sfs/jvnj9m8d8jf8zi/4f8MYv/H/PHLP5/yh+z+O+ZP2bx3yt/zOL/5/wxi/9f8scs/nvnj1n898kfs/jvmz9m8f9r/pjF/2/5Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/7/ljFv9L8scs/pfmj1n8L8sfs/hfnj9m8b8if8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfs/i/nj8m8R88kD9m8R+UP2bxHyF/zOI/Yv6YxX9w/pjFf6T8MYv/yPljFv9R8scs/kPyxyz+o+aPWfxHyx+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/cfLHLP7j5o9Z/MfLH7P4fyT/f2mQyH/8/DGL/wT5Yxb/j+aPWfwnzB+z+E+UP2bx/1j+mMX/4/ljFv9P5I9Z/D+ZP2bx/1T+mMV/4vwxi/8k+WMW/0nzxyz+n84fs/hPlj9m8Z88f8ziP0X+mMV/yvwxi/9U+WMW/8/kj1n8p84fs/h/Nn/M4v+5/DGL/+fzxyz+X8gfs/h/MX/M4v+l/DGL/zT5Yxb/afPHLP7T5Y9Z/KfPH7P4z5A/ZvGfMX/M4v/l/DGL/0z5Yxb/mfPHLP6z5I9Z/GfNH7P4fyV/zOI/W/6Yxf+r+WMW/6/lj1n8Z88fs/h/PX/M4j9H/pjFf878MYv/XPljFv+588cs/vPkj1n8580fs/jPlz9m8Z8/f8ziv0D+mMV/wfwxi/838scs/t/MH7P4L5Q/ZvH/Vv6YxX/h/DGL/7fzxyz+38kfs/gvkj9m8V80f8ziv1j+mMV/8fwxi/8S+WMW/yXzxyz+380fs/gvlT9m8f9e/pjF//v5Yxb/pfPHLP7L5I9Z/JfNH7P4L5c/ZvH/Qf6YxX/5/DGL/wr5Yxb/H+aPWfxXzB+z+K+UP2bxXzl/zOK/Sv6YxX/V/DGL/2r5Yxb/1fPHLP4/yh+z+K+RP2bxXzN/zOK/Vv6YxX/t/DGL/zr5Yxb/dfPHLP4/zh+z+K+XP2bxXz9/zOK/Qf6Yxf8n+WMW/w3zxyz+P80fs/hvlD9m8d84f8ziv0n+mMX/Z/ljFv+f549Z/DfNH7P4b5Y/ZvHfPH/M4r9F/pjFf8v8MYv/VvljFv+t88cs/tvkj1n8t80fs/hvlz9m8f9F/pjF/5f5Yxb/7fPHLP475I9Z/HfMH7P475Q/ZvH/Vf6Yxf/X+WMW/9/kj1n8d84fs/jvkj9m8f9t/pjF/3f5Yxb/XfPHLP6/zx+z+O+WP2bx3z1/zOK/R/6Yxf8P+WMW/z/mj1n8/5Q/ZvHfM3/M4r9X/pjF/8/5Yxb/v+SPWfz3zh+z+O+TP2bx3zd/zOL/1/wxi//f8scs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/9/zxyz+l+SPWfwvzR+z+F+WP2bxvzx/zOJ/Rf6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/TOI/0kD+mMV/UP6YxX+E/DGL/4j5Yxb/wfljFv+R8scs/iPnj1n8R8kfs/gPyR+z+I+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/MfJH7P4j5s/ZvEfL3/M4v+R/DGL//j5Yxb/CfLHLP4fzR+z+E+YP2bxnyh/zOL/sfwxi//H88cs/p/IH7P4fzJ/zOL/qfwxi//E+WMW/0nyxyz+k+aPWfw/nT9m8Z8sf8ziP3n+mMV/ivwxi/+U+WMW/6nyxyz+n8kfs/hPnT9m8f9s/pjF/3P5Yxb/z+ePWfy/kD9m8f9i/pjF/0v5Yxb/afLHLP7T5o9Z/KfLH7P4T58/ZvGfIX/M4j9j/pjF/8v5Yxb/mfLHLP4z549Z/GfJH7P4z5o/ZvH/Sv6YxX+2/DGL/1fzxyz+X8sfs/jPnj9m8f96/pjFf478MYv/nPljFv+58scs/nPnj1n858kfs/jPmz9m8Z8vf8ziP3/+mMV/gfwxi/+C+WMW/2/kj1n8v5k/ZvFfKH/M4v+t/DGL/8L5Yxb/b+ePWfy/kz9m8V8kf8ziv2j+mMV/sfwxi//i+WMW/yXyxyz+S+aPWfy/mz9m8V8qf8zi/738MYv/9/PHLP5L549Z/JfJH7P4L5s/ZvFfLn/M4v+D/DGL//L5Yxb/FfLHLP4/zB+z+K+YP2bxXyl/zOK/cv6YxX8Vjf/I/9atLf6ravz/vSz+q+WPWfxXzx+z+P8of8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+P84f8ziv17+mMV//fwxi/8G+WMW/5/kj1n8N8wfs/j/NH/M4r9R/pjFf+P8MYv/JvljFv+f5Y9Z/H+eP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/xf5Yxb/X+aPWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf9X+WMW/1/nj1n8f5M/ZvHfOX/M4r9L/pjF/7f5Yxb/3+WPWfx3fdt/hA9mXB/SLP6/b/1jFv/d8scs/rvnj1n898gfs/j/IX/M4v/H/DGL/5/yxyz+e+aPWfz3yh+z+P85f8zi/5f8MYv/3vljFv998scs/vvmj1n8/5o/ZvH/W/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8f97/pjF/5L8MYv/pfljFv/L8scs/pfnj1n8r8gfs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj0n8Rx7IH7P4D8ofs/iPkD9m8R8xf8ziPzh/zOI/Uv6YxX/k/DGL/yj5Yxb/IfljFv9R88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+mMV/7Pwxi/84+WMW/3Hzxyz+4+WPWfw/kj9m8R8/f8ziP0H+mMX/o/ljFv8J88cs/hPlj1n8P5Y/ZvH/+Hv6j/b/flwf0iz+n2j9Yxb/T+aPWfw/lT9m8Z84f8ziP0n+mMV/0vwxi/+n88cs/pPlj1n8J88fs/hPkT9m8Z8yf8ziP1X+mMX/M/ljFv+p88cs/p/NH7P4fy5/zOL/+fwxi/8X8scs/l/MH7P4fyl/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/GfMH7P4fzl/zOI/U/6YxX/m/DGL/yz5Yxb/WfPHLP5fyR+z+M+WP2bx/2r+mMX/a/ljFv/Z88cs/l/PH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8V8wf8zi/438MYv/N/PHLP4L5Y9Z/L+VP2bxXzh/zOL/7fwxi/938scs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMV/yfwxi/9388cs/kvlj1n8v5c/ZvH/fv6YxX/p/LH/UP9Bw1mPvEz+2H+o/xv94/pfNn/M4r9c/pjF/wf5Yxb/5fPHLP4r5I9Z/H+YP2bxXzF/bNC5g4bNzH+2/0r5Y5b1v3L+mMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfx/lD9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfx/nD9m8V8vf8ziv37+mMV/g/wxi/9P8scs/hvmj1n8f5o/ZvHfKH/M4r9x/pjFf5P8MYv/z/LHLP4/zx+z+G+aP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4v+L/DGL/y/zxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOL/q/wxi/+v88cs/r/JH7P475w/ZvHfJX/M4v/b/DGL/+/yxyz+u+aPWfx/nz9m8d8tf8ziv3v+mMV/j/wxi/8f8scs/n/MH7P4/yl/zOK/Z/6YxX+v/DGL/5/zxyz+f8kfs/jvnT9m8d8nf8ziv2/+mMX/r/ljFv+/5Y9Z/PfLH7P4758/ZvE/IH/M4n9g/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/7/nj1n8L8kfs/hfmj9m8b8sf8zif3n+mMX/ivwxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/Jf2BUuMzi/+zQxzr4gxrUhzeL/3Otf8zi/3z+mMX/hfwxi/+L+WMW/5fyxyz+L+ePWfxfyR+z+L+aP2bxfy1/zOL/ev6YxH+Ugfwxi/+g/DGL/wj5Yxb/EfPHLP6D88cs/iPlj1n8R84fs/iPkj9m8R+SP2bxHzV/zOI/Wv6YxX/0/DGL/xj5Yxb/MfPHLP5j5Y9Z/MfOH7P4j5M/ZvEfN/9hDfmncxb/8fLHLP4fyR+z+I+fP2bxnyB/zOL/0fwxi/+E+WMW/4nyxyz+H8sfs/h/PH/M4v+J/DGL/yfzxyz+n8ofs/hPnD9m8Z8kf8ziP2n+mMX/0/ljFv/J8scs/pPnj1n8p8gfs/hPmT9m8Z8qf8zi/5n8MYv/1PljFv/P5o9Z/D+XP2bx/3z+mMX/C/ljFv8v5o9Z/L+UP2bxnyZ/zOI/bf6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/L+cP2bxnyl/zOI/c/6YxX+W/DGL/6z5Yxb/r+SPWfxnyx+z+H81f8zi/7X8MYv/7PljFv+v549Z/OfIH7P4z5k/ZvGfK3/M4j93/pjFf578MYv/vPljFv/58scs/vPnj1n8F8gfs/gvmD9m8f9G/pjF/5v5Yxb/hfLHLP7fyh+z+C+cP2bx/3b+mMX/O/ljFv9F8scs/ovmj1n8F8sfs/gvnj9m8V8if8ziv2T+mMX/u/ljFv+l8scs/t/LH7P4fz9/zOK/dP6YxX+Z/DGL/7L5Yxb/5fLHLP4/yB+z+C+fP2bxXyF/zOL/w/wxi/+K+WMW/5Xyxyz+K+ePWfxXyR+z+K+aP2bxXy1/zOK/ev6Yxf9H+WMW/zXyxyz+a+aPWfzXyh+z+K+d/zuN/M6nFv918scs/uvmj1n8f5w/ZvFfL3/M4r9+/pjFf4P8MYv/T/LHLP4b5o9Z/H+aP2bx3yh/zOK/cf6YxX+T/DGL/8/yxyz+P88fs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+L/m0RFv/t0sYs/r/IH7P4/zJ/zOK/ff6YxX+H/DGL/45v+r/6+gc1rg9pFv+dWv+Yxf9X+WMW/1/nj1n8f5M/ZvHfOX/M4r9L/pjF/7f5Yxb/3+WPWfx3zR+z+P8+f8ziv1v+mMV/9/wxi/8e+WMW/z/kj1n8/5g/ZvH/U/6YxX/P/DGL/175Yxb/P+ePWfz/kj9m8d87f8ziv0/+mMV/3/wxi/9f88cs/n/LH7P475c/ZvHfP3/M4n9A/pjF/8D8MYv/QfljFv+D88cs/ofkj1n8D80fs/gflj9m8T88f8zif0T+mMX/yPwxi/9R+WMW/6Pzxyz+x+SPWfyPzR+z+B+XP2bxPz5/zOJ/Qv6Yxf/E/DGL/0n5Yxb/k/PHLP6n5I9Z/E/NH7P4n5Y/ZvE/PX/M4n9G/pjF/8z8MYv/WfljFv+z88cs/ufkj1n8z80fs/iflz9m8T8/f8zif0H+mMX/wvwxi/9F+WMW/4vzxyz+f88fs/hfkj9m8b80f8zif1n+mMX/8vwxi/8V+WMW/yvzxyz+V+WPWfyvzh+z+F+TP2bxvzZ/zOJ/Xf6Yxf/6/DGL/w35Yxb/G/PHLP435Y9Z/G/OH7P435I/ZvG/NX/M4n9b/pjF//b8MYv/HfljFv8788cs/nflj1n8784fs/jfkz9m8b83f8zif1/+mMX//vwxi/8D+WMW/wfzxyz+D+WPWfwfzh+z+D+SP2bxfzR/zOL/WP6Yxf/x/DGL/xP5Yxb/J/PHLP5P5Y9Z/J/OH7P4P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxif+Qgfwxi/+g/DGL/wj5Yxb/EfPHLP6D88cs/iPlj1n8R84fs/iPkj9m8R+SP2bxHzV/zOI/Wv6YxX/0/DGL/xj5Yxb/MfPHLP5j5Y9Z/MfOH7P4j5M/ZvEfN3/M4j9e/pjF/yP5Yxb/8fPHLP4T5I9Z/D+aP2bxnzB/zOI/Uf6Yxf9j+WMW/4/nj1n8P5E/ZvH/ZP6Yxf9T+WMW/4nzxyz+k+SPWfwnzR+z+H86f8ziP1n+mMV/8vwxi/8U+WMW/ynzxyz+U+WPWfw/kz9m8Z86f8zi/9n8MYv/5/LHLP6fzx+z+H8hf8zi/8X8MYv/l/LHLP7T5I9Z/KfNH7P4T5c/ZvGfPn/M4j9D/pjFf8b8MYv/l/PHLP4z5Y9Z/GfOH7P4z5I/ZvGfNX/M4v+V/DGL/2z5Yxb/r+aPWfy/lj9m8Z89f8zi//X8MYv/HPljFv8588cs/nPlj1n8584fs/jPkz9m8Z83f8ziP1/+mMV//vwxi/8C+WMW/wXzxyz+38gfs/h/M3/M4r9Q/pjF/1v5Yxb/hfPHLP7fzh+z+H8nf8ziv0j+mMV/0fwxi/9i+WMW/8Xzxyz+S+SPWfyXzB+z+H83f8ziv1T+mMX/e/ljFv/v549Z/JfOH7P4L5M/ZvFfNn/M4r9c/pjF/wf5Yxb/5fPHLP4r5I9Z/H+YP2bxXzF/zOK/Uv6YxX/l/DGL/yr5Yxb/VfPHLP6r5Y9Z/FfPH7P4/yh/zOK/Rv6YxX/N/DGL/1r5Yxb/tfPHLP7r5I9Z/NfNH7P4/zh/zOK/Xv6YxX/9/DGL/wb5Yxb/n+SPWfw3zB+z+P80f8ziv1H+mMV/4/wxi/8m+WMW/5/lj1n8f54/ZvHfNH/M4r9Z/pjFf/P8MYv/FvljFv8t88cGnfv6gMF/q/wxy/rfOn/M4r9N/pjFf9v8MYv/dvljFv9f5I9Z/H+ZP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/X+WPWfx/nT9m8f9N/pjFf+f8MYv/LvljFv/f5o9Z/H+XP2bx3zV/zOL/+/wxi/9u+WMW/93zxyz+e+SPWfz/kD9m8f9j/pjF/0/5Yxb/PfPHLP575Y9Z/P+cP2bx/0v+mMV/7/wxi/8++WMW/33zxyz+f80fs/j/LX/M4r9f/pjFf//8MYv/AfljFv8D88cs/gflj1n8D84fs/gfkj9m8T80f8zif1j+mMX/8Pwxi/8R+WMW/yPzxyz+R+WPWfyPzh+z+B+TP2bxPzZ/zOJ/XP6Yxf/4/DGL/wn5Yxb/E/PHLP4n5Y9Z/E/OH7P4n5I/ZvE/NX/M4n9a/pjF//T8MYv/GfljFv8z88cs/mflj1n8z84fs/ifkz9m8T83f8zif17+mMX//Pwxi/8F+WMW/wvzxyz+F+WPWfwvzh+z+P89f8zif0n+mMX/0vwxi/9l+WMW/8vzxyz+V+SPWfyvzB+z+F+VP2bxvzp/zOJ/Tf6Yxf/a/DGL/3X5Yxb/6/PHLP435I9Z/G/MH7P435Q/ZvG/OX/M4n9L/pjF/9b8MYv/bfljFv/b88cs/nfkj1n878wfs/jflT9m8b87f8zif0/+mMX/3vwxi/99+WMW//vzxyz+D+SPWfwfzB+z+D+UP2bxfzh/zOL/SP6Yxf/R/DGD/6DBA0Meyx8z+A9d/4/nj1n8n8gfs/g/mT9m8X8qf8zi/3T+mMX/mfwxi/+z+WMW/+fyxyz+z+ePWfxfyB+z+L+YP2bxfyl/zOL/cv6Yxf+V/DGL/6v5Yxb/1/LHLP6v549J/EcdyB+z+A/KH7P4j5A/ZvEfMX/M4j84f8ziP1L+mMV/5Pwxi/8o+WMW/yH5Yxb/UfPHLP6j5Y9Z/EfPH7P4j5E/ZvEfM3/M4j9W/pjFf+z8MYv/OPljFv9x88cs/uPlj1n8P5I/ZvEfP3/M4j9B/pjF/6P5Yxb/CfPHLP4T5Y9Z/D+WP2bx/3j+mMX/E/ljFv9P5o9Z/D+VP2bxnzh/zOI/Sf6YxX/S/DGL/6fzxyz+k+WPWfwnzx+z+E+RP2bxnzJ/zOI/1cDA2vn/axb/z7T+MYv/1PljFv/P5o9Z/D+XP2bx/3z+mMX/C/ljFv8v5o9Z/L+UP2bxnyZ/zOI/7cDA5h/UkD7MWfyna/1jFv/p88cs/jPkj1n8Z8wfs/h/OX/M4j9T/pjFf+b8MYv/LPljFv9Z88cs/l/JH7P4z5Y/ZvH/av6Yxf9r+WMW/9nzxyz+X88fs/jPkT9m8Z8zf8ziP1f+mMV/7vwxi/88+WMW/3nzxyz+8+WPWfznzx+z+C+QP2bxXzB/zOL/jfwxi/8388cs/gvlj1n8v5U/ZvFfOH/M4v/t/DGL/3fyxyz+i+SPWfwXzR+z+C+WP2bxXzx/zOK/RP6YxX/J/DGL/3fzxyz+S+WPWfy/lz9m8f9+/pjFf+n8MYv/MvljFv9l88cs/svlj1n8f5A/ZvFfPn/M4r9C/pjF/4f5Yxb/FfPHLP4r5Y9Z/FfOH7P4r5I/ZvFfNX/M4r9a/pjFf/X8MYv/j/LHLP5r5I9Z/NfMH7P4r5U/ZvFfO3/M4r9O/pjFf938MYv/j/PHLP7r5Y9Z/NfPH7P4b5A/ZvH/Sf6YxX/D/DGL/0/zxyz+G+WPWfw3zh+z+G+SP2bx/1n+mMX/5/ljFv9N88cs/pvlj1n8N88fs/hvkT9m8d8yf8ziv1X+mMV/6/wxi/82+WMW/23zxyz+2+WPWfx/kT9m8f9l/pjFf/v8MYv/DvljFv8d88cs/jvlj1n8f5U/ZvH/df6Yxf83+WMW/53zxyz+u+SPWfx/mz9m8f9d/pjFf9f8MYv/7/PHLP675Y9Z/HfPH7P475E/ZvH/Q/6Yxf+P+WMW/z/lj1n898wfs/jvlT9m8f9z/pjF/y/5Yxb/vfPHLP775I9Z/PfNH7P4/zV/zOL/t/wxi/9++WMW//3zxyz+B+SPWfwPzB+z+B+UP2bxPzh/zOJ/SP6Yxf/Q/DGL/2H5Yxb/w/PHLP5H5I9Z/I/MH7P4H5U/ZvE/On/M4n9M/pjF/9j8MYv/cfljFv/j88cs/ifkj1n8T8wfs/iflD9m8T85f8zif0r+mMX/1Pwxi/9p+WMW/9Pzxyz+Z+SPWfzPzB+z+J+VP2bxPzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4v/3/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH5P4jzaQP2bxH5Q/ZvEfIX/M4j9i/pjFf3D+mMV/pPwxi//I+WMW/1Hyxyz+Q/LHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/h/JH/M4j9+/pjFf4L8MYv/R/PHLP4T5o9Z/CfKH7P4fyx/zOL/8fwxi/8n8scs/p/MH7P4fyp/zOI/cf6YxX+S/DGL/6T5Yxb/T+ePWfwnyx+z+E+eP2bxnyJ/zOI/Zf6YxX+q/DGL/2fyxyz+U+ePWfw/mz9m8f9c/pjF//P5Yxb/L+SPWfy/mD9m8f9S/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8f9y/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v5I/ZvGfLX/M4v/V/DGL/9fyxyz+s+ePWfy/nj9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOK/YP6Yxf8b+WMW/2/mj1n8F8ofs/h/K3/M4r9w/pjF/9v5Yxb/7+SPWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/7+aPWfyXyh+z+H8vf8zi//38MYv/0vljFv9l8scs/svmj1n8l8sfs/j/IH/M4r98/pjFf4X8MYv/D/PHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv8f5Y9Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv8f549Z/NfLH7P4r58/ZvHfIH/M4v+T/DGL/4b5Yxb/n+aPWfw3yh+z+G+cP2bx3yR/zOL/s/wxi//P88cs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi//W+WMW/23yxyz+2+aPWfy3yx+z+P8if8zi/8v8MYv/9vljFv8d8scs/jvmj1n8d8ofs/j/Kn/M4v/r/DGL/2/yxyz+O+ePWfx3yR+z+P82f8zi/7v8MYv/rvljFv/f549Z/HfLH7P4754/ZvHfI3/M4v+H/DGL/x/zxyz+f8ofs/jvmT9m8d8rf8zi/+f8MYv/X/LHLP57549Z/PfJH7P475s/ZvH/a/6Yxf9v+WMW//3yxyz+++ePWfwPyB+z+B+YP2bxPyh/zOJ/cP6Yxf+Q/DGL/6H5Yxb/w/LHLP6H549Z/I/IH7P4H5k/ZvE/Kn/M4n90/pjF/5j8MYv/sfljFv/j8scs/sfnj1n8T8gfs/ifmD9m8T8pf8zif3L+mMX/lPwxi/+p+WMW/9Pyxyz+p+ePWfzPyB+z+J+ZP2bxPyt/zOJ/dv6Yxf+c/DGL/7n5Yxb/8/LHLP7n549Z/C/IH7P4X5g/ZvG/KH/M4n9x/pjF/+/5Yxb/S/LHLP6X5o9Z/C/LH7P4X54/ZvG/In/M4n9l/pjF/6r8MYv/1fljFv9r8scs/tfmj1n8r8sfs/hfnz9m8b8hf8zif2P+mMX/pvwxi//N+WMW/1vyxyz+t+aPWfxve8d/1A9kXB/SLP63t/4xi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/B/OH7P4P5I/ZvF/NH/M4v9Y/pjF//H8MYv/E/ljFv8n88cs/k/lj1n8n84fs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzxyz+L+WPWfxfzh+z+L+SP2bxfzV/zOL/Wv6Yxf/1/DGJ/+gD+WMW/0H5Yxb/EfLHLP4j5o9Z/Afnj1n8R8ofs/iPnD9m8R8lf8ziPyR/zOI/av6YxX+0/DGL/+j5Yxb/MfLHLP5j5o9Z/MfKH7P4j50/ZvEfJ3/M4j9u/pjFf7z8MYv/R/LHLP7j549Z/CfIH7P4fzR/zOI/Yf6YxX+i/DGL/8fyxyz+H88fs/h/In/M4v/J/DGL/6fyxyz+E+ePWfwnyR+z+E+aP2bx/3T+mMV/svwxi//k+WMW/ynyxyz+U+aPWfynyh+z+H8mf8ziP3X+mMX/s/ljFv/P5Y9Z/D+fP2bx/0L+mMX/i/ljFv8v5Y9Z/KfJH7P4T5s/ZvGfLn/M4j99/pjFf4b8MYv/jPljFv8v549Z/GfKH7P4z5w/ZvGfJX/M4j9r/pjF/yv5Yxb/2fLHLP5fzR+z+H8tf8ziP3v+mMX/6/ljFv858scs/nPmj1n858ofs/jPnT9m8Z8nf8ziP2/+mMV/vvwxi//8+WMW/wXyxyz+C+aPWfy/kT9m8f9m/pjFf6H8MYv/t/LHLP4L549Z/L+dP2bx/8779R/8/2hcH9Is/ou0/jGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvH/bv6YxX+p/DGL//fyxyz+388fs/gvnT9m8V8mf8ziv2z+mMV/ufwxi/8P8scs/svnj1n8V8gfs/j/MH/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/ivnj9m8f9R/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8f9x/pjFf738MYv/+vljFv8N8scs/j/JH7P4b5g/ZvH/af6YxX+j/DGL/8b5Yxb/TfLHLP4/yx+z+P88f8ziv2n+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bx3yZ/zOK/bf6YxX+7/DGL/y/yxyz+v8wfs/hvnz9m8d8hf8ziv2P+mMV/p/wxi/+v8scs/r/OH7P4/yZ/zOK/c/6YxX+X/DGL/2/zxyz+v8sfs/jvmj9m8f99/pjFf7f8MYv/7vljFv898scs/n/IH7P4/zF/zOL/p/wxi/+e+WMW/73yxyz+f84fs/j/JX/M4r93/pjFf5/8MYv/vvljFv+/5o9Z/P+WP2bx3y9/zOK/f/6Yxf+A/DGL/4H5Yxb/g/LHLP4H549Z/A/JH7P4H5o/ZvE/LH/M4n94/pjF/4j8MYv/kfljFv+j8scs/kfnj1n8j8kfs/gfmz9m8T8uf8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR97y39gyMDAf7L/qfljlvV/Wv6Yxf/0/DGL/xn5Yxb/M/PHLP5n5Y9Z/M/OH7P4n5M/ZvE/N3/M4n9e/pjF//z8MYv/BfljFv8L88cs/hflj1n8L84fs/j/PX/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8r8wfs/hflT9m8b86f8zif03+mMX/2vwxi/91+WMW/+vzxyz+N+SPWfxvzB+z+N+UP2bxvzl/zOJ/S/6Yxf/W/DGL/235Yxb/2/PHLP535I9Z/O/MH7P435U/ZvG/O3/M4n9P/pjF/978MYv/ffljFv/7lf4j/Ze3sPg/oPT/r7P4P5g/5vBP/t1y+A+M/nBbAWbxfyR/zOL/aP6Yxf+x/DGL/+P5Yxb/J/LHLP5P5o9Z/J/KH7P4P50/ZvF/Jn/M4v9s/pjF/7n8MYv/8/ljFv8X8scs/i/mj1n8X8ofs/i/nD9m8X8lf8zi/2r+mMX/tfwxi//r+WMS/zEG8scs/oPyxyz+I+SPWfxHzB+z+A/OH7P4j5Q/ZvEfOX/M4j9K/pjFf0j+mMV/1Pwxi/9o+WMW/9Hzxyz+Y+SPWfzHzB+z+I+VP2bxHzt/zOI/Tv6YxX/c/DGL/3j5Yxb/j+SPWfzHzx+z+E+QP2bx/2j+mMV/wvwxi/9E+WMW/4/lj1n8P54/ZvH/RP6Yxf+T+WMW/0/lj1n8J84fs/hPkj9m8Z80f8zi/+n8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8f9M/pjFf+r8MYv/Z/PHLP6fyx+z+H8+f8zi/4X8MYv/F/PHLP5fyh+z+E+TP2bxnzZ/zOI/Xf6YxX/6/DGL/wz5Yxb/GfPHLP5fzh+z+M+UP2bxnzl/zOI/S/6YxX/W/DGL/1fyxyz+s+WPWfy/mj9m8f9a/pjFf/b8MYv/1/PHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/h/I3/M4v/N/DGL/0L5Yxb/b+WPWfwXzh+z+H87f8zi/538MYv/IvljFv9F88cs/ovlj1n8F88fs/gvkT9m8V8yf8zi/938MYv/UvljFv/v5Y9Z/L+fP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/H+SPWfyXzx+z+K+QP2bx/2H+mMV/xfwxi/9KRv/38YAt/isb/d9HFv9V8scs/qvmj1n8V8sfs/ivnj9m8f9R/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8f9x/pjFf738MYv/+vljFv8N8scs/j/JH7P4b5g/ZvH/af6YxX+j/DGL/8b5Yxb/TfLHLP4/yx+z+P88f8ziv2n+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bx3yZ/zOK/bf6YxX+7/DGL/y/yxyz+v8wfs/hvnz9m8d8hf8ziv2P+mMV/p/wxi/+v8scs/r/OH7P4/yZ/zOK/c/6YxX+X/DGL/2/zxyz+v8sfs/jvmj9m8f99/pjFf7f8MYv/7vljFv898scs/n/IH7P4/zF/zOL/p/wxi/+e+WMW/73yxyz+f84fs/j/JX/M4r93/pjFf5/8MYv/vvljFv+/5o9Z/P+WP2bx3y9/zOK/f/6Yxf+A/DGL/4H5Yxb/g/LHLP4H549Z/A/JH7P4H5o/ZvE/LH/M4n94/pjF/4j8MYv/kfljFv+j8scs/kfnj1n8j8kfs/gfmz9m8T8uf8zif3z+mMX/hPwxi/+J+WMW/5Pyxyz+J+ePWfxPyR+z+J+aP2bxPy1/zOJ/ev6Yxf+M/DGL/5n5Yxb/s/LHLP5n549Z/M/JH7P4n5s/ZvE/L3/M4n9+/pjF/4L8MYv/hfljFv+L8scs/hfnj1n8/54/ZvG/JH/M4n9p/pjF/7L8MYv/5fljFv8r8scs/lfmj1n8r8ofs/hfnT9m8b8mf8zif23+mMX/uvwxi//1+WMW/xvyxyz+N+aPWfxvyh+z+N+cP2bxvyV/zOJ/a/6Yxf+2/DGL/+35Yxb/O/LHLP535o9Z/O/KH7P4350/ZvG/J3/M4n9v/pjF/778MYv//fljFv8H8scs/g/mj1n8H8ofs/g/nD9m8X8kf8zi/2j+mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYv/6/ljEv8xB/LHLP6D8scs/iPkj1n8R8wfs/gPzh+z+I+UP2bxHzl/zOI/Sv6YxX9I/pjFf9T8MYv/aPljFv/R88cs/mPkj1n8x8wfs/iPlT9m8R87f8ziP07+mMV/3Pwxi/94+WMW/4/kj1n8x88fs/hPkD9m8f9o/pjFf8L8MYv/RPljFv+P5Y9Z/D+eP2bx/0T+mMX/k/ljFv9P5Y9Z/CfOH7P4T5I/ZvGfNH/M4v/p/DGL/2T5Yxb/yfPHLP5T5I9Z/KfMH7P4T5U/ZvH/TP6YxX/q/DGL/2fzxyz+n8sfs/h/Pn/M4v+F/DGL/xfzxyz+X8ofs/hPkz9m8Z82f8ziP13+mMV/+vwxi/8M+WMW/xnzxyz+X84fs/jPlD9m8Z85f8ziP0v+2D/5D7tsnA94TP+/ehf/WfPHLOv/K/ljFv/Z8scs/l/NH7P4fy1/zOI/e/6Yxf/r+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/BfLHLP4L5o9Z/L+RP2bx/2b+mMV/ofwxi/+38scs/gvnj1n8v50/ZvH/Tv6YxX+R/DGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvH/bv6YxX+p/DGL//fyxyz+388fs/gvnT9m8V8mf8ziv2z+mMV/ufwxi/8P8scs/svnj1n8V8gfs/j/MH/M4r9i/pjFf6X8MYv/yvljFv9Vhj7W5e95/Y0+qLF9CLP4r9r6xyz+q+WPWfxXzx+z+P8of8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+P84f8ziv17+mMV//fwxi/8G+WMW/5/kj1n8N8wfs/j/NH/M4r9R/pjFf+P8MYv/JvljFv+f5Y9Z/H+eP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/xf5Yxb/X+aPWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf9X+WMW/1/nj1n8f5M/ZvHfOX/M4r9L/th/qv+Q4fx/mz/2n+o/MJz/7/LHLP675o9Z/H+fP2bx3y1/zOK/e/6YxX+P/DGL/x/yxyz+f8wfs/j/KX/M4r9n/pjFf6/8MYv/n/PHLP5/yR+z+O+dP2bx3yd/zOK/b/6Yxf+v+WMW/7/lj1n898sfs/jvnz9m8T8gf8zif2D+mMX/oPwxi//B+WMW/0Pyxyz+h+aPWfwPyx+z+B+eP2bxPyJ/zOJ/ZP6Yxf+o/DGL/9H5Yxb/Y/LHLP7H5o9Z/I/LH7P4H58/ZvE/IX/M4n9i/pjF/6T8MYv/yfljFv9T8scs/qfmj1n8T8sfs/ifnj9m8T8jf8zif2b+mMX/rPwxi//Z+WMW/3Pyxyz+5+aPWfzPyx+z+J+fP2bxvyB/zOJ/Yf6Yxf+i/DGL/8X5Yxb/v+ePWfwvyR+z+F+aP2bxvyx/zOJ/ef6Yxf+K/DGL/5X5Yxb/q/LHLP5X549Z/K/JH7P4X5s/ZvG/Ln/M4n99/pjF/4b8MYv/jfljFv+b8scs/jfnj1n8b8kfs/jfmj9m8b8tf8zif3v+mMX/jvwxi/+d+WMW/7vyxyz+d+ePWfzvyR+z+N+bP2bxvy9/zOJ///D+W/wvj+tDmsX/gdY/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/lj1n8H88fs/g/kT9m8X8yf8zi/1T+mMX/6fwxi/8z+WMW/2fzxyz+z+WPWfyfzx+z+L+QP2bxfzF/zOL/Uv6Yxf/l/DGL/yv5Yxb/V/PHLP6v5Y9Z/F/PH5P4jzWQP2bxH5Q/ZvEfIX/M4j9i/pjFf3D+mMV/pPwxi//I+WMW/1Hyxyz+Q/LHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9x8scs/uPmj1n8x8sfs/h/JH/M4j9+/pjFf4L8MYv/R/PHLP4T5o9Z/CfKH7P4fyx/zOL/8fwxi/8n8scs/p/MH7P4f8rl/77f3cziP7HL/31n8Z8kf8ziP2n+mMX/0/ljFv/J8scs/pPnj1n8p8gfs/hPmT9m8Z8qf8zi/5n8MYv/1PljFv/P5o9Z/D+XP2bx/3z+mMX/C/ljFv8v5o9Z/L+UP2bxnyZ/zOI/bf6YxX+6/DGL//T5Yxb/GfLHLP4z5o9Z/L8s8r/ryvd/W4v/TCL/fyeL/8z5Yxb/WfLHLP6z5o9Z/L+SP2bxny1/zOL/1fwxi//X8scs/rPnj1n8v54/ZvGfI3/M4j9n/pjFf678MYv/3PljFv958scs/vPmj1n858sfs/jPnz9m8V8gf8ziv2D+mMX/G/ljFv9v5o9Z/BfKH7P4fyt/zOK/cP6Yxf/b+WMW/+/kj1n8F8kfs/gvmj9m8V8sf8ziv3j+mMV/ifwxi/+S+WMW/+/mj1n8l8ofs/h/L3/M4v/9/DGL/9L5Yxb/ZfLHLP7L5o9Z/JfLH7P4/yB/zOK/fP6YxX+F/DGL/w/zxyz+K+aPWfxXyh+z+K+cP2bxXyV/zOK/av6YxX+1/DGL/+r5Yxb/H+WPWfzXyB+z+K+ZP2bxXyt/zOK/dv6YxX+d/DGL/7r5Yxb/H+ePWfzXyx+z+K+fP2bx3yB/zOL/k/wxi/+G+WMW/5/mj1n8N8ofs/hvnD9m8d8kf8zi/7P8MYv/z/PHLP6b5o9Z/DfLH7P4b54/ZvHfIn/M4r9l/pjFf6v8MYv/1vljFv9t8scs/tvmj1n8t8sfs/j/In/M4v/L/DGL//b5Yxb/HfLHLP475o9Z/HfKH7P4/yp/zOL/6/wxi/9v8scs/jvnj1n8d8kfs/j/Nn/M4v+7/DGL/675Yxb/3+ePWfx3yx+z+O+eP2bx3yN/zOL/h/wxi/8f88cs/n/KH7P475k/ZvHfK3/M4v/n/DGL/1/yxyz+e+ePWfz3yR+z+O+bP2bx/2v+mMX/b/ljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf/v+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+z+L+ePybxH3sgf8ziPyh/zOI/Qv6YxX/E/DGL/+D8MYv/SPljFv+R88cs/qPkj1n8h+SPWfxHzR+z+I+WP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfPHLP7j5I9Z/MfNH7P4j5c/ZvH/SP6YxX/8/DGL/wT5Yxb/j+aPWfwnzB+z+E+U///Hzv2Ha13Xdxy/D7+znH3adalLGw6NuTYjkdGohagoHn+cMtHM36hHIEHkhySYihut1LHpUjdLNrVwzNmqJQ43168VDcuarRFbq5ziWhhjDhaZs7PrwDkEZ2/PtfNl3y/m+/H4A859H993yPN6ed9cXFehLP1/Tv9Qlv6v1j+Upf9B+oey9D9Y/1CW/q/RP5Sl/8/rH8rSf6T+oSz9D9E/lKX/L+gfytJ/lP6hLP0P1T+Upf9h+oey9H+t/qEs/UfrH8rS/xf1D2Xpf7j+oSz9f0n/UJb+r9M/lKX/L+sfytL/V/QPZel/hP6hLP1fr38oS/8x+oey9H+D/qEs/Y/UP5Sl/1j9Q1n6H6V/KEv/cfqHsvT/Vf1DWfqP1z+Upf8b9Q9l6f9r+oey9J+gfyhL/zfpH8rS/836h7L0/3X9Q1n6v0X/UJb+E/UPZel/tP6hLP0n6R/K0v8Y/UNZ+h+rfyhL/+P0D2XpP1n/UJb+x+sfytL/BP1DWfpP0T+Upf+J+oey9G/XP5Sl/0n6h7L0P1n/UJb+p+gfytL/VP1DWfp36B/K0v+t+oey9H+b/qEs/U/TP5Sl/9v1D2Xpf7r+oSz9p+ofytL/DP1DWfqfqX8oS/936B/K0v8s/UNZ+r9T/1CW/mfrH8rS/xz9Q1n6n6t/KEv/8/QPZel/vv6hLP0v0D+Upf+F+oey9J+mfyhL/4v0D2Xpf7H+oSz9L9E/lKV/p/6hLP0v1T+Upf90/UNZ+s/QP5Sl/0z9Q1n6v0v/UJb+l+kfytJ/lv6hLP1n6x/K0v9y/UNtXT1e4v3n6B/Ksv8r9A9l6T9X/1CW/vP0D2XpP1//UJb+C/QPZel/pf6hLP0X6h/K0v/d+oey9L9K/1CW/ov0D2Xpv1j/UJb+V+sfytL/PfqHsvS/Rv9Qlv7X6h/K0v86/UNZ+i/RP5Sl//X6h7L0/w39Q1n6/6b+oSz9l+ofytL/vfqHsvT/Lf1DWfq/T/9Qlv7v1z+Upf8N+oey9L9R/1CW/jfpH8rS/7f1D2Xpv0z/UJb+v6N/KEv/39U/lKX/zfqHsvS/Rf9Qlv6/p38oS/8P6B/K0v9W/UNZ+t+mfyhL/9v1D2Xp//v6h7L0/wP9Q1n636F/KEv/D+ofytL/Q/qHsvS/U/9Qlv7L9Q9l6f+H+oey9P8j/UNZ+t+lfyhL/7v1D2Xpf4/+oSz9P6x/KEv/j+gfytJ/hf6hLP3v1T+Upf8f6x/K0n+l/qEs/f9E/1CW/vfpH8rS/0/1D2Xpf7/+oSz9P6p/KEv/P9M/lKX/x/QPZen/cf1DWfp/Qv9Qlv5/rn8oS/9P6h/K0v8B/UNZ+q/SP5Sl/4P6h7L0/wv9Q1n6r9Y/lKX/Q/qHsvT/S/1DWfr/lf6hLP0f1j+Upf9f6x/K0v9T+oey9P+0/qEs/T+jfyhL/8/qH8rS/3P6h7L0/xv9Q1n6f17/UJb+X9A/lKX/Gv1DWfp/Uf9Qlv5/q38oS/+1+oey9H9E/1CW/l/SP5Sl/5f1D2Xp/6j+oSz9v6J/KEv/r+ofytL/7/QPZen/mP6hLP2/pn8oS/+/1z+Upf/X9Q9l6f8P+oey9F+nfyhL/2/oH8rSf73+oSz9/1H/UJb+/6R/KEv/b+ofytL/n/UPZen/Lf1DWfp/W/9Qlv7f0T+Upf/j+oey9P8X/UNZ+j+hfyhL/yf1D2Xpv0H/UJb+T+kfytL/X/UPZen/Xf1DWfr/m/6hLP2/p38oS/+N+oey9H9a/1CW/t/XP5Sl/yb9Q1n6/7v+oSz9N+sfytL/P/QPZen/jP6hLP3/U/9Qlv5b9A9l6b9V/1CW/v+lfyhL/x/oH8rSf5v+oSz9f6h/KEv/Z/UPZen/o+39h++tX9WLVpb+z9l/KEv//9Y/lKX/8/qHsvT/sf6hLP279A8l6f/Klv6hLP3b9A9l6T9I/1CW/oP1D2XpP0T/UJb+Q/UPZek/TP9Qlv7D9Q9l6T9C/1CW/i/TP5Sl/z76h7L0f7n+oSz9X6F/KEv/ffUPZen/M/qHsvTfT//QS64/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAi838RYsvmzZrVuc8X/jCF77Y+cXe/i8TAADw/+0nH/r39q8EAAAAAAAAAAAAAAAAAAAA8mri/05sb/87AgAAAAAAAAAAAADAT7v2jmM2DW7b7anBuz54zaOd238et+2sGStWPFh6f+759snBSw7a9UFXV1fX8mcmTu55OLzVanX/r72y5/GIvsfdr79k5J0H7nhUJn3+9sfPn7rvKfNW3TLkG8tv6nh66PZnh7YuvHTmrM43DGq1ynFDW1d1PziyrdUqJwxt3dz9YGz3gylDWyu7Hxy1/cHLWp/pfvD6i+fMuqT7iRMr/57BS0V7x5LW4N0W29rtvwa77n/JyCdm9P7cz0v2vtqQVs/+R6360gF9vtfrBfbf+/rlmL77H/C/IPCCBrb/Z9f3/tzPS/6v9/8Pr922OPreC++/9/XLsfYP9Qk+/++20b6f+/t8/j8keMmd90ePWHtr9/7bz7jv4J6nhvxfPv//5PXLcX33P2i3z//dn+Mn937+H95qleP38LcDUmnvuH5Tf+///e9/yKv73LTtuv97vrLhFd37v/e51tKep4YOcP+T+3v/v6HPrxUYmPaOu7v6vP8PYP+t0cFL7tz/xlX7bv/8v+H+i/ff5XsD2f/xffc/ZsHsK8bMX7T4iJmzp03vnN55+YSx448cN2HC+PFjtn8i2PHjHv6mQBJ79v7f2qfPTVur1bnzfs19N03u3v/mh5Z+pOepEQPc/wn9vv8f4v0fQqMGtYYNa101bcGCeUfu+LH34dgdP+74x4L9D+DP/4ce3vOP9f6dYVurdeDO+9HnTxjevf+r55bVPU8NG+D+p/S7/0m7/10lMDB7+P5/SZ+b3fZ/9MZrF3bv/7AfvGpDz1MD/fP/if3u/y7v/7An2jtatb6Jdu//qOHXn1TturT7+z+oTxP7H7nl5q3VrstJ9g/1aWL/U5e9+aJq1+Vk+4f6NLH/B2dfsKzadTnF/qE+Tez/+Z/delC163Kq/UN9mtj/Y999akW169Jh/1CfJvb/wTs6jqp2Xd5q/1CfJvZ/xJU/nFjturzN/qE+Tez/0pefvrLadTnN/qE+Tez/pK5j9692Xd5u/1CfJvbfdv33llS7LqfbP9Snif0/OW3ZnGrXZar9Q32a2P/KkaOfrXZdzrB/qE8T+1/69BunVLsuZ9o/1KeJ/X/1tjsfq3Zd3mH/UJ8m9v+Jc191Z7Xrcpb9Q32a2P+PRj20T7Xr8k77h/o0sf9161Y+UO26nG3/UJ8m9r985eBR1a7LOfYP9Wli/9edOP3RatflXPuH+jSx/3Hjv3xOtetynv1DfZrY/4Gf+9ZT1a7L+fYP9Wli/6c/vHB+tetygf1DfZrY/8KDPv7jatflQvuH+jSx/7d0HjSj2nWZZv9Qnyb2X27ZZ12163KR/UN9mtj/2ZvvnlTtulxs/1CfJva/er8vfKzadbnE/qE+Tex/y9zLJ1S7Lp32D/VpYv/fee9176t2XS61f6hPE/u/9bmvl2rXZbr9Q32a2P/GsWefW+26zLB/qE8T+7/7lGceqXZdZto/1KeJ/S9b/fiCatflXfYP9Wli/2vWnPxEtetymf1DfZrY/2Gjx+xb7brMsn+oTxP7n3PW0g9Vuy6z7R/q08T+j7v/ttdWuy6X2z/Up4n9j/jaxE9Wuy5z7B/q08T+Pz3x/Z+qdl2usH+oTxP73zrp0MOrXZe59g/1aWL/6x8Ye3u16zLP/qE+Tez/A4/cUfG6zLd/qE8T+5/7uuc3V7suC+wf6tPE/t809cxF1a7LlfYP9Wli//vfNeWL1a7LQvuH+jSx//O+/f3Tql2Xd9s/1KeJ/R96wEUHV7suV9k/1KeJ/c+YufbGatdlkf1DfZrY/+Tl68dVuy6L7R/q08T+93ty/j3VrsvV9g/1aWL/mwYfcGq16/Ie+4f6NLH/e695+JvVrss19g/1aWL/N97w0c5q1+Va+4f6NLH/z24btqXadbnO/gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4H3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04FgAAAAAQ5m8dRO8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBQAAP//dbn20g==")
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ac61b408b4070a0102010000000109022400010000005b090400000219a4b40009050e02001bc4000009058202"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r1, 0x0, 0x8c0)
r2 = getpgid(0x0)
r3 = syz_pidfd_open(r2, 0x0)
r4 = pidfd_getfd(r3, r3, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000aa2a8e10b1134200d0e3000000010902240001000000000904ea000247cdb2000905291e0000000000090583d96ae4d44120"], 0x0)
sendmsg$nl_route(r4, 0x0, 0x750fce4cbe51e021)
syz_usb_control_io$hid(r0, 0x0, 0x0)
--- end repro.prog ---

Root cause hypothesis:

fserror_report() stores a raw super_block pointer in the queued event:

event->sb = sb;
INIT_WORK(&event->work, fserror_worker);
schedule_work(&event->work);

fserror_worker() later reads:

struct super_block *sb = event->sb;
if (sb->s_flags & SB_ACTIVE) ...

There is no superblock reference held by the queued event. Lifetime appears to
depend on fserror_unmount() draining pending events.

However generic_shutdown_super() only calls fserror_unmount(sb) under:

if (sb->s_root) {
...
sb->s_flags &= ~SB_ACTIVE;
fserror_unmount(sb);
...
}

For mount failure paths where the superblock was allocated and XFS temporarily
sets SB_ACTIVE during log recovery, an fserror metadata event can be accepted,
but the superblock may later be destroyed without the s_root branch draining
pending fserror work.

Current XFS still temporarily sets SB_ACTIVE during log recovery:

mp->m_super->s_flags |= SB_ACTIVE;
xfs_log_work_queue(mp);
if (xlog_recovery_needed(log))
error = xlog_recover_finish(log);
mp->m_super->s_flags &= ~SB_ACTIVE;

So this looks like a remaining fserror event vs. super_block lifetime issue,
separate from the earlier XFS inode UAF.

If you have any questions, please let me know.

Best regards,
Yue

[sanan....@gmail.com]

Good day, dear maintainers,

We found a bug using a modified version of syzkaller.

Kernel Branch: 7.0-rc1
Kernel Config: <https://drive.google.com/open?id=1dd0qteaHHIsE3puUVyWFoRLtF4bP2IOy>
Unfortunately, we don't have any reproducer for this bug yet.
Thank you!

Best regards,
Sanan Hasanov

==================================================================
BUG: KASAN: slab-use-after-free in inode_state_read_once include/linux/fs.h:884 [inline]
BUG: KASAN: slab-use-after-free in iput+0x34c/0xc60 fs/inode.c:1986
Read of size 4 at addr ffff888066ffafb8 by task kworker/0:1/448004

CPU: 0 UID: 0 PID: 448004 Comm: kworker/0:1 Tainted: G L 7.0.0-rc1 #1 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events fserror_worker
Call Trace:
<TASK>
__dump_stack+0x21/0x30 lib/dump_stack.c:94
dump_stack_lvl+0xee/0x150 lib/dump_stack.c:120
print_address_description+0x51/0x1e0 mm/kasan/report.c:378
print_report+0x67/0x80 mm/kasan/report.c:482
kasan_report+0x135/0x170 mm/kasan/report.c:595
__asan_report_load4_noabort+0x18/0x20 mm/kasan/report_generic.c:380
inode_state_read_once include/linux/fs.h:884 [inline]
iput+0x34c/0xc60 fs/inode.c:1986
fserror_worker+0x215/0x310 fs/fserror.c:69
process_one_work kernel/workqueue.c:3275 [inline]
process_scheduled_works+0xa30/0x13d0 kernel/workqueue.c:3358
worker_thread+0xacb/0x1060 kernel/workqueue.c:3439
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x5e4/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:245
</TASK>

Allocated by task 475317:
kasan_save_stack mm/kasan/common.c:57 [inline]
kasan_save_track+0x3e/0x70 mm/kasan/common.c:78
kasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:570
unpoison_slab_object mm/kasan/common.c:340 [inline]
__kasan_slab_alloc+0x73/0x80 mm/kasan/common.c:366
kasan_slab_alloc include/linux/kasan.h:253 [inline]
slab_post_alloc_hook mm/slub.c:4501 [inline]
slab_alloc_node mm/slub.c:4830 [inline]
kmem_cache_alloc_lru_noprof+0x2bc/0x4a0 mm/slub.c:4849
xfs_inode_alloc+0xf8/0x7b0 fs/xfs/xfs_icache.c:97
xfs_iget_cache_miss fs/xfs/xfs_icache.c:635 [inline]
xfs_iget+0x635/0x2330 fs/xfs/xfs_icache.c:799
xfs_lookup+0x2fb/0x4f0 fs/xfs/xfs_inode.c:553
xfs_vn_lookup+0x11d/0x1e0 fs/xfs/xfs_iops.c:327
__lookup_slow+0x28f/0x3c0 fs/namei.c:1916
lookup_slow+0x5c/0x80 fs/namei.c:1933
walk_component fs/namei.c:2279 [inline]
lookup_last fs/namei.c:2780 [inline]
path_lookupat+0x403/0x8f0 fs/namei.c:2804
filename_lookup+0x217/0x570 fs/namei.c:2833
filename_listxattr fs/xattr.c:945 [inline]
path_listxattrat+0x117/0x3a0 fs/xattr.c:975
__do_sys_listxattr fs/xattr.c:988 [inline]
__se_sys_listxattr fs/xattr.c:985 [inline]
__x64_sys_listxattr+0x8b/0xa0 fs/xattr.c:985
x64_sys_call+0x1899/0x2900 arch/x86/include/generated/asm/syscalls_64.h:195
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x13f/0x860 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x4b/0x53

Freed by task 15:
kasan_save_stack mm/kasan/common.c:57 [inline]
kasan_save_track+0x3e/0x70 mm/kasan/common.c:78
kasan_save_free_info+0x4a/0x50 mm/kasan/generic.c:584
poison_slab_object mm/kasan/common.c:253 [inline]
__kasan_slab_free+0x63/0x80 mm/kasan/common.c:285
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:2687 [inline]
slab_free mm/slub.c:6124 [inline]
kmem_cache_free+0x20c/0x5a0 mm/slub.c:6254
xfs_inode_free_callback+0x1ad/0x1e0 fs/xfs/xfs_icache.c:165
rcu_do_batch+0x541/0xc90 kernel/rcu/tree.c:2617
rcu_core+0x455/0x870 kernel/rcu/tree.c:2869
rcu_core_si+0x12/0x20 kernel/rcu/tree.c:2886
handle_softirqs+0x229/0x750 kernel/softirq.c:622
run_ksoftirqd+0x3f/0x70 kernel/softirq.c:1063
smpboot_thread_fn+0x611/0xbe0 kernel/smpboot.c:160
kthread+0x388/0x470 kernel/kthread.c:467
ret_from_fork+0x5e4/0xb90 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:245

Last potentially related work creation:

kasan_save_stack+0x3e/0x60 mm/kasan/common.c:57
kasan_record_aux_stack+0xc1/0xd0 mm/kasan/generic.c:556
__call_rcu_common kernel/rcu/tree.c:3131 [inline]
call_rcu+0xec/0x7d0 kernel/rcu/tree.c:3251
__xfs_inode_free fs/xfs/xfs_icache.c:177 [inline]
xfs_inode_free+0x1c5/0x240 fs/xfs/xfs_icache.c:197
xfs_iget_cache_miss fs/xfs/xfs_icache.c:740 [inline]
xfs_iget+0x6b6/0x2330 fs/xfs/xfs_icache.c:799
xfs_lookup+0x2fb/0x4f0 fs/xfs/xfs_inode.c:553
xfs_vn_lookup+0x11d/0x1e0 fs/xfs/xfs_iops.c:327
__lookup_slow+0x28f/0x3c0 fs/namei.c:1916
lookup_slow+0x5c/0x80 fs/namei.c:1933
walk_component fs/namei.c:2279 [inline]
lookup_last fs/namei.c:2780 [inline]
path_lookupat+0x403/0x8f0 fs/namei.c:2804
filename_lookup+0x217/0x570 fs/namei.c:2833
filename_listxattr fs/xattr.c:945 [inline]
path_listxattrat+0x117/0x3a0 fs/xattr.c:975
__do_sys_listxattr fs/xattr.c:988 [inline]
__se_sys_listxattr fs/xattr.c:985 [inline]
__x64_sys_listxattr+0x8b/0xa0 fs/xattr.c:985
x64_sys_call+0x1899/0x2900 arch/x86/include/generated/asm/syscalls_64.h:195
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x13f/0x860 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x4b/0x53

The buggy address belongs to the object at ffff888066ffad00
which belongs to the cache xfs_inode of size 1776
The buggy address is located 696 bytes inside of
freed 1776-byte region [ffff888066ffad00, ffff888066ffb3f0)

The buggy address belongs to the physical page:

page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888066ffe180 pfn:0x66ff8

head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0

memcg:ffff888066ff8719
flags: 0x2000000000000240(workingset|head|zone=1)
page_type: f5(slab)
raw: 2000000000000240 ffff888019fd2640 ffff888019fd1ac8 ffffea0000adde10
raw: ffff888066ffe180 0000078000110009 00000000f5000000 ffff888066ff8719
head: 2000000000000240 ffff888019fd2640 ffff888019fd1ac8 ffffea0000adde10
head: ffff888066ffe180 0000078000110009 00000000f5000000 ffff888066ff8719
head: 2000000000000003 ffffea00019bfe01 00000000ffffffff 00000000ffffffff
head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008

page dumped because: kasan: bad access detected

page_owner tracks the page as allocated

page last allocated via order 3, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 40578, tgid 40575 (syz.3.7187), ts 249736208593, free_ts 245599182745
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x25f/0x490 mm/page_alloc.c:1889
prep_new_page mm/page_alloc.c:1897 [inline]
get_page_from_freelist+0x2da9/0x2ed0 mm/page_alloc.c:3962
__alloc_frozen_pages_noprof+0x17c/0x340 mm/page_alloc.c:5250
alloc_slab_page+0x62/0x130 mm/slub.c:-1
allocate_slab+0x7a/0x530 mm/slub.c:3444
new_slab mm/slub.c:3502 [inline]
refill_objects+0x4bf/0x640 mm/slub.c:7134
refill_sheaf+0x32/0x50 mm/slub.c:2804
alloc_full_sheaf mm/slub.c:2825 [inline]
__pcs_replace_empty_main+0x335/0x580 mm/slub.c:4588
alloc_from_pcs mm/slub.c:4681 [inline]
slab_alloc_node mm/slub.c:4815 [inline]
kmem_cache_alloc_lru_noprof+0x41c/0x4a0 mm/slub.c:4849
xfs_inode_alloc+0xf8/0x7b0 fs/xfs/xfs_icache.c:97
xfs_iget_cache_miss fs/xfs/xfs_icache.c:635 [inline]
xfs_iget+0x635/0x2330 fs/xfs/xfs_icache.c:799
xfs_mountfs+0xf84/0x2050 fs/xfs/xfs_mount.c:1072
xfs_fs_fill_super+0x1225/0x16a0 fs/xfs/xfs_super.c:1938
get_tree_bdev_flags+0x407/0x4d0 fs/super.c:1694
get_tree_bdev+0x28/0x30 fs/super.c:1717
xfs_fs_get_tree+0x25/0x30 fs/xfs/xfs_super.c:1985
page last free pid 5023 tgid 5023 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
__free_pages_prepare mm/page_alloc.c:1433 [inline]
__free_frozen_pages+0xb63/0x1040 mm/page_alloc.c:2978
free_frozen_pages+0x14/0x20 mm/page_alloc.c:3016
__free_slab+0x1a2/0x290 mm/slub.c:3518
free_slab+0xdd/0x100 mm/slub.c:3552
discard_slab+0x28/0x30 mm/slub.c:3558
__slab_free+0x2a8/0x2b0 mm/slub.c:5532
___cache_free+0x72/0x80 mm/slub.c:6199
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0xa3/0x110 mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x13f/0x150 mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x28/0x80 mm/kasan/common.c:350
kasan_slab_alloc include/linux/kasan.h:253 [inline]
slab_post_alloc_hook mm/slub.c:4501 [inline]
slab_alloc_node mm/slub.c:4830 [inline]
__do_kmalloc_node mm/slub.c:5218 [inline]
__kmalloc_noprof+0x329/0x610 mm/slub.c:5231
kmalloc_noprof include/linux/slab.h:966 [inline]
tomoyo_realpath_from_path+0x172/0x710 security/tomoyo/realpath.c:251
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x208/0x460 security/tomoyo/file.c:827
tomoyo_inode_getattr+0x25/0x30 security/tomoyo/tomoyo.c:123
security_inode_getattr+0x1eb/0x3d0 security/security.c:1869
vfs_getattr fs/stat.c:259 [inline]
vfs_fstat fs/stat.c:281 [inline]
__do_sys_newfstat fs/stat.c:551 [inline]
__se_sys_newfstat+0xe9/0x3e0 fs/stat.c:546

Memory state around the buggy address:

ffff888066ffae80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888066ffaf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff888066ffaf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff888066ffb000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff888066ffb080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================

<<<<<<<<<<<<<<< tail report >>>>>>>>>>>>>>>