Extracting prog: 2m9.378571943s
Minimizing prog: 67.804µs
Simplifying prog options: 0s
Extracting C: 39.25184085s
Simplifying C: 8m34.84836466s


1 programs, timeouts [30s 6m0s]
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
detailed listing:
executing program 0:
syz_mount_image$bcachefs(&(0x7f0000005b00), &(0x7f0000005b40)='./file2\x00', 0x0, &(0x7f00000003c0)={[{@metadata_checksum={'metadata_checksum', 0x3d, 'none'}}, {@data_checksum={'data_checksum', 0x3d, 'xxhash'}}, {@reconstruct_alloc}, {@str_hash={'str_hash', 0x3d, 'crc32c'}}, {@version_upgrade={'version_upgrade', 0x3d, 'none'}}], [{@subj_type={'subj_type', 0x3d, '/(/{'}}, {@obj_user={'obj_user', 0x3d, '\x00'}}, {@smackfshat={'smackfshat', 0x3d, 'crc32c'}}]}, 0x1, 0x5b2d, &(0x7f000000b6c0)="$eJzs3Q2MXWXdIPBz7p2ZznTaMkWBWj46QOkWVmBKcYEG48BGwNUighYVpK10Wgb7AZ3WQhVbSESDLNtkN8qaSAjRhA0huEvW9WNNMYuYlTU2cdni7vpiQPPK+wZrELQvJfbNzD3nzr1nznPPnXvvlBZ+v8Cce8597v95/s955sw5zz29NwIAAOAd4Zkvj/3l6oUf/Pk9I6/vuuqHm+6O+ssT23vTAgPJ8o63qoUcSbO6Fkwss+Niz3DPMx+4/yPPf+sz33nxpflLl3371isO3T5n5X33Df/qokO/+NtdRXHT8XT25Hr8ShxFp/5y6dfv/emzJ41vi6MoKscDu6Noflz6yfw4E2LojSiK1lXbWf/kk68vXz++3P21WXXbj8sEMd7f2XqTcfaVH2855Q/nXfH83l9f/vpQ7xtbd08WiXtrxlMUzVtT+/ruKIr6osmhmY62BemLk+U1URQN17zu4oJ2ndFk+88NrC9Mlj3Jsr8gTvr86Zn17ibb0ZVZ9jb5ulaVZjh+Kt1/c2a4/uzBLVvP/GT5vWR59jTjl9P/46gUR13V6jbGk2MkqtlvcRRP7PvJ9VLdWIgzYyOOojizXsqsl7szeU3Umwy0chzXb0/LZbYPJtu7ku2n5+ybWtcFtr8nzTf5RT2YyT87gPunPKjmNSFt128btOVIKNUcg/K2p+3tTXZGf7KtPz5+ymsO50ifW/XSA0+8uPOhxQOBdsTfjZP4cUvxn9t0yf4lO39zYEEo/ppSEr/UUvyx8159/OVrf3ZSMP6eNH65pfgvXLjkGz/ateNgsH/+lPZPV0vxyyvOObTsnqFVwfY/nMbvbSn+I5c/9s1573v68WD7h9L+6Wutf0a3v3nDoyccCMaP0vizW4p/2WsnnrViy2MbgvGfSvunv6X4z46Nrrz3lkU7BkPx96Xx57YU/4zf3XjD3v0jLwTbP5z2z0BL8d+/+LJrVh7YfH/o73S8+0j9hQV4e3pXco711WS91evMdtVcLzw4EFfO+eYk/8/tZEUZ4/XMSx53zWA9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyzPDKwbuRvPzjtza5kfVby4LRyZZlu74miuC+KorFta7duG928YfDWLdu3bl67cXDttsGRzdu23jl44XsHt47ctnHtnePPDp27vPK646O4soxPnVL34cOHD5cG6rel9X3uon//5OBp+/9vFA2d8KvTuoLt/+hdC//1/JyfGfHw4Y3/7qybXp7zP7dXNgwk7RoItCsKtOvSR19Z8Ycf9v3bKBo6sVG7/n7plT+ta9DEhsk4idKsqDTxYFY8O7cd1VYn7Un7q2v96MaRoeL+LQfy+P3B//KJHWM37670b28wjyb7t2/48F83f/+pmy/deU1lw9G634v6O80ibV/af71Jf89L8poXyKsrkNe9Z53+d//nP256ZXc01PXnRVPrLsqrOxkA3fF7mqo3rWF2XN8nvUn5dI+nrzt/26bbzh+7c+e5o5vWbhjZMLJ5+fLlF1+4/IKLLvhX50+kXvnZsfzT+v9Fk/kfmfG05aLh0fRnc+OpqF1F/THeruL+qG1R6Pfv3R+/8v/d/V/3XFvZUDTO09LV40mynD2+m5dFNeNtal/l5VXUD92BfthwXf9/em1wyz8VHYdq90ztz4x4+PCfR//XB+bsPfOmyoYjcpyvbVCLx/lqq5P2dNced5Ydvf07KyonefXntuvMe1795P/+QTxYbV9PT3TH2m3bti6r/DxCeb37ui92Nq+Ll/zj7TvX3D1/Sl4XVH7OSVo6Jz45t13ZrWleiyZ+lqOkW9JF1FvKz687qrQv+3chfV22V/uT5/rj43PzykqfW/XSA0+8uPOhxaGejr9bqbEvmltZxqcESm7MvLBcbXBe/UXjI4qiNbXb0n586vv/YXDvz+dvKhwflZEx5Wc2veHDX7pkzu/Hrt+3srLhyBxXahrU4nGl2urJ9kz018Rx5YKjJ4+3bj/X/WLFw4f3nvLeDcv/+7bk176of6ul8/p3eRQVHQcWZdZn6jiQrWeyfH68wcx6f1Ru6bjxwoVLvvGjXTsOBo8bf2r2uPHFurVym8eNODCe9n/pP//1C/uf+1DnjhsfWlL+9P9ftDzp0KPl9603Gde9gXFdbXXSnrh2XJ9385aN6yrbj97z32RZcP2T/v0eu3Pn59Zu3Diyday5vJo9L0nryfZyq+cl6W/f8QV5pftrMq+Ze9BMfzX7+5a2f122v1r8fYM8/VHc0t+z5zZdsn/Jzt8cGAjEjdeUkvilluKPnffq4y9f+7OTgvH3pPG7WopfXnHOoWX3DK0Kxn84TuL3thT/kcsf++a89z39eDD+UNr+vtbOJ0a3v3nDoyeE+z9K4/e3FP/ZsdGV996yaEcw/r44qWf83C6Knnx9+frKehx1J8fhtB3dde2KsutxZr2UWS/Xrpcqc/DVCspxXL89LZdsP72mLXmuD2xPzx57F1SWB9P1KPug8fajTanmnCBve9H5NQC8naTv/6fnGun7/4uSP4g17/9XlnFP3esXJOdTCyY3TVzn3T1Y+UM63Xm9tB3Zeb00/tIz62O0Oq9XNC93RmY9bdeipFfS9jQ4b5gTNTEvN7WexvNymfSL580Gv5rZ0DUxtxfab93JTEXe+8yZ9s4Zj9DuefaC/FZXz7ND4y4735G+Tx83Oe6y90Wk+zd7X0Qaf2FmAq3V+yLaHXfptEaDcTeRWfF86tRxETXo18lxkR8tOy6mMY4GKuNoZt+XOvav92d2/t18QiB+8nfkaL/eT7enx4euJucBVgW2d2oeID1cpO36bYO2HAnmAQBg8vo/PacYv/4f/1s9mDnPL7puyV5lpPGC97GU89tTdP079X622S2d91322olnrdjy2IbgefFTzd6Xclvd2uyC+1KK+nFxZr2wHwO3ghTNOyzJlO+P5rbUj2f87sYb9u4feSHYj8OVE6niftxTtza3zX5cmlkv7Mfu/FYV9WO2nqLxe3ZmvT+5I2i6/f7+xZdds/LA5vuD/b672X5/uG5toKDfXacH4h/r1+nfiZL4x/Z1+kzPR75l8wDJvPVMzQNcF9g+3XmA/ikPqnlNOObmAQJ/FwDgWJZe/1fvl0+u//9Hply714fB87bhztzPGjxvq77/1N55ebD91fPy9q6LgvGr10XtXbcE+6d63dLedVcwfvW6q715mmD/PJX2T3vn/aF/LpCe9x/710UzO8/guihZj7IPKlwXAQBwNEiv/9PT1fT+/6eT9ey58cxf5870dehMX0fP9DzDTM+THOvXucf6PMNMz7O9VfMAPcnz5gHqH1TzmmAeAACATvpgsrypyfJdE/cQR9Fnb77lgtXrRj6/ev3WkZGx29bePLJ6dPPotmq57okrr6n3SYfqK7pPOq/87AblVwfj17fnikD5kHbzD9VXlH9e+Ub5rwnGr2/PlYHyIe3mH6qvKP+88o3yXxuMX9+eqwLlQ9rNP1RfUf555Rvl/9lg/Pr2fChQPqTd/EP1FeWfV75R/jcH49e3598Eyoe0m3+ovqL888o3yj/7eZmh/D8cKB/Sbv6h+oryzyvfKP+RYPz69nwkUD6k3fxD9RXln1e+Uf7rg/Hr27MyUD6k3fxD9RXln1e+Uf4bgvHr23N1oHxIu/mH6ivKP698o/xvCcavb89HA+VD2s0/VF9R/nnlG+U/Goxf355rAuVD2s0/VF9R/nnl6/Lvq3/+1mD8+vZ8LFA+pN38Q/UV5Z9XvtH+/1wwfn17rg2UD2k3/1B9RfnnlW+U/8Zg/Pr2XBcoH9Ju/qH6ivLPK98o/03B+PXt+XigfEi7+YfqK8o/r3yj/DcH49e35xOB8iHt5h+qryj/vPKN8t8SjF/fnlWB8iGZ/OPk9oim8w/VV5R/XvlG+d8WjF/fnusD5UPa3f+h+oryzyvfKP/bg/Hr2/PJQPmQvPzTtzybyT9UX1H+eeUb5b81GL++PZ8KlA9pd/+H6ivKP698o/zHgvHr2/PpQPmQdvMP1VeUf175RvlvC8avb88NgfIh7eYfqq8o/7zyjfLfHoxf354bA+VD2s0/VF9R/nnlG+X/+WD8+vZ8JlA+pN38Q/UV5Z9XvlH+O4Lx69tzU6B8SLv5h+oryj+vfKP87wjGr2/P6kD5kGr+27aOjKzeftu6tdtGVm/esm5kbPWOraPbto0kJ2rt3pcYvK8suS+xO+pqmP/CzPpxyecDHRf4fKBs+TTsyRMPpn4+ULbaroLPySnaX9n6iz5nKK983ngL7d+i40Gz4yGr7vejMkhGN4+NbJ16/O5r2B+1YyKauG2uMsHRG5/YVPnsx3UGqinUfD69DfPJbp6V3Ag4Kz6hqfJR4Pvgpqv5fOJgPnntmO732KVhp/U9dpkfU+R8RmtdvuvHJg7So2s3ju4cmdr+2UdB+9+afixNaUfR/o8z7ZiftGR+6PveAu3e8b1/eOSPf/xvH46ioRPKp7TVf/Hw4TUHT/zsLy+ddf54+0sN218tmX6vcsH3H2bLp/l0bdwytu1frt+yfXP+O2jp/c6l6voM3e+c5Flu8v7l0P0e071/OZ7y4OjU7P3LAAAA7xTpv/9Pr1cXJP8GdX5miqD5eeD2/n10cB54X3PzwNnZiKJ54Gz5NO1m54H725wHztYfmqctNSjf6H2XZueBPx0oP13Nj5P2PgcgOE6SnioaJ9l/h180TrLlpztO+tocJ9n6i8ZJXvlG7083O06uD5QPaX48tPe5E8HxMNTceMh+r2bReMiWn+546G1zPGTrLxoPeeUb3a/T7Hj4eKB8s5ofH+19LkxwfKxpbnxkvy+laHxky093fMRtjo9s/UXjI698o/sZmx0fHwuUTzW//9v73J7g/t/T3P7Pfm9L0f7Plp/u/i+1uf+z9Rft/7zyje7nbnb/Xx0on6rf/+M7fmK/j6zesWVr7T3QTe7/ntD+L/relpDm2zez31vTqubbP7Of+zTz7Z/Zz5Wa+fa3d90UbP++9t7par79M/v9wa06Yu/HJh82VfT5U0Xv034qsH2679P2THlwdPI+LQAAAMy89P3/9Ov408+H/1qyDHxNf8uO/e/3ntl5rmP/8/dndh7TfF6Dyo4C5vMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Y1bXgonlM18e+8vVCz/483tGXt911Q833b1nuOeZD9z/kee/9ZnvvPjS/KXLvn3rFYdun7PyvvuGf3XRoV/87a7CwAOVxdnJam8Uxa/EUXTqL5d+/d6fPnvS+LY4iqJyPLA7iubHpZ/MjzMRht6IomhdtZ31Tz75+vL148vdX5tVt/24TJBsXlF/OW1PXTujOwoz4hjUm4yzr/x4yyl/OO+K5/f++vLXh3rf2Lp7skjcWzOeomjemtrXd0dR1Jf8Py4dbQvSFyfLa6Ioml3zuosL2nVGk+0/N7C+MFn2JMv+gjjp86dn1rubbEdXZtnb5OtaVZrh+Kl0/82Z4fqzB7dsPfOT5feS5dnTjF9O/4+jUhx1VavbGE+Okahmv8VRPLHvJ9dLdWMhzoyNOIrizHops17uzuQ1UW8y0MpxXL89LZfZPphs70q2n14w1q4LbH9Pmm/yi3owk382aP+UB9W8JqTt+m2DthwJpZpjUN72tL29yc7oT7b1x8dPec3hHOlzq1564IkXdz60eCDQjvi7cRI/bin+c5su2b9k528OLAjFX1NK4pdaij923quPv3ztz04Kxt+Txi+3FP+FC5d840e7dhwM9s+f0v7pail+ecU5h5bdM7Qq2P6H0/i9LcV/5PLHvjnvfU8/Hmz/UNo/fa31z+j2N2949IQDwfhRGn92S/Eve+3Es1ZseWxDMP5Taf/0txT/2bHRlffesmjHYCj+vjT+3Jbin/G7G2/Yu3/khWD7h9P+GWgp/vsXX3bNygOb7w8dO+PdR+ovLMDb07uSc6yvJuutXme2q+Z64cGBuHLONyf5f24nK8oYr2feDMYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODtaeTKB3dduW/1VV1xFMWBModzpM+Ve4aHB1uot7zinEPL7hlaVbttQQtxAAAAgGLpdXipuqU3WhDtiPuik3PLp3MEJ6drcf327BxC32TJjsQpdShOuUNxujoUp7tDcXo6FGdWh+L0FsTpjZqL09cwTqnp9szuUJz+DsWZ06E4czsUZ15hnPoZwFCc4zrUnoGGcZofh/M7FOf4DsV5V4fivLtDcU7oUJwTOxTnpA7Fyc4pT3cczk1KLgzFmXhQLozTFZerT+TNp6f1nJp5XWma9fQ3WU92zn669fQ1Wc+ZbdbT22Q9S9qsJ26ynrPbrKdUUE86bu/Iti+tJ11rcvzf2aE4OzsU5wsdivPFDsW5q0NxvtShOLvajAPQrPT6f/K6cSCa1XVpNDs54mRnAdLr3UWVV085HvVmL9ATabxTMtt7iuJlL9Qz8RZ1uH1nZLZ318Xrqp43NYg3UBtvcebJwnyzEwqZ9i2dbrzsxAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzKCRKx/cdeW+1VdFcTT+X67DOdLnyj3Dw4Mt1LvqpQeeeHHnQ4trt83qaiEQAAAAUCi9Du+ubumNZnWdH/X8M7v2FyNXVQYA/Nyd2ZlhW3BqoA6k0JHSFSPS0kX5kxou+jBLDEoAowHT3VKGdcN2F9ltCiuy1gfigwYSTVx9MjxhCA9qUFSS5UFjUBI2UWwiKC8SRQMkQEJNTMbszr3zrzM764i24O/3cO6953znfPfMNk2+MxPl2uIKyTlAIXnOFOvXqDy0fh2Jtm0Yn03i9ywcvmvP/L2LH54+fHCqOlWdHRsbu/LysX1X7PvonjumZ6p7623I91lvOFlv/t7FOw/OzFTvnq8/d753KZlXanZNrjXHkvd+b588URLfzPPfu+n/1wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFOrWlleqqxOjI9EIUQ9YmpdpGOZXByXB8h77Zvbd1899+hUa18+O8BCAAAAQF9pHT7c6CmEfDYTMuHc9acLm6HFEJp1PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8P+nWlleqqxOjG+JQoh6xNS6SMcyuTguD5D3N/PT1z/whZ1HW/tKA6wDAAAA9JfW4UONnkIohV1hODq3LS49GzivY35nXLrO+ZuM6zw76BW3a5Nxo5uM+2CfuE8l13sCAAAAvPOl9X+20VMM+eyZPev/fnV9GrezIy6TXAf5rQAAAADwn0nr/1yjpxTy2VKjXt9svX9hR1w6v9/39un8ft/bp3EX98jT+X0+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD6qlaWlyqrE+OZKISoR0yti3Qsk4vj8gB5X7x89Ns/Xzp6orUvnx1gIQAAAKCvtA5vlt6FkM+OhOGwZb3uv3L0719cnDy2bbiYDOdy4Z6DCwt376u3adyur77+ud/9NCqfFHdZvT0lmwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN5W1cryUmV1YvyMKISoR0yti3Qsk4vj8gB5X5w+8s9bHznntda+0gDrAAAAAP2ldXiz9i+EUsiFXNi+/tRa668Z6pjf68wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePeYv3fxzoMzM9W73bhx46Zxc6r/ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE4X1cryUmV1YrwQhRD1iKl1kY5lcnFcHiDvwx9/9LtnfeQXj7X2lQZYBwAAAOgvrcObtX8hlMJwGA7nrD91OxNYr/+L/8OXBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATgvVyvJSZXVi/MwohKhHTK2LdCyTi+PyAHkv/PPnb105Xn2xtS+fHWAhAAAAoK+0Ds81egohn70s5MOO5HmmfUKUSa7dzwWa8+5qmzay6Xn3tc3LbHre1zp2lk12U59XSNcr1q+NeeWT55VDCKVkXqk5MNk2LzzUNuvMTb/n99rmFfvMCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAaqlaWlyqrE+NRFELUI6bWRTqWycVxeYC8zx2+6vjo4h9fa+0rDbAOAAAA0F9ahzdr/0IohfPDWeH89bo/FNvj07j9j7xy9V9/dsY3Qti7/bcXZHuu/5eLK7/sbEIYag8aCuE9Sb6oR76jP/7bw6+++pNPhrD3nMyOfzdf+5JxbfLE9tue3Z/fs8EHAwAAAO8iaf0/3Ogphnx2tmf9n1beG9f/zdOE9QJ87uyb7tuWtElF3jFjqJjkG+qR784rvvmj8gXH/7BW/2903vDpL5/3iW1h7op4Om3rPZ0vGNdmHtx94OWtTx9Jd13Pn+nIn34uL5344WeOzh/6Sj1/IRSS/vOy3fKf3HY4I669NfvEU4f2L97Qnj/bY/8P7H7/n37/ncOvrOV/Y+dII/8HNtj/xvnPvrny/LHHH7qxPf9wj/xTN235/pvluX907n+kY+Hkk6//wVv+Ch2iuPbG9DPXbF3ZdaA9fwhhsjUw/fyfeuJb5ZVfbzuc5k9/K3Lxro78Lf/UWtuOM6corq3suGRq7MmFLe35o4786f6P3/+Dt750/LnrOvd/e+f+e+bv3P91o5lbXtg5NsiPZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3gGqleWlyurEeMiEEPWIqXWRjmVycVweIO/HLrr2hutfm/16a18+O8BCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNumWlleqqxOjA9FIUQ9YmpdpGOZXByXB8g7f+nrj71846/e19pXGmAdAAAAoL+0Dm/W/oVQCrmQCyPrdf/kie23Pbs/vycU66NRcs3OzM0vfOiOuSOzt5+iNwcAAAA2K63/s42eYshnLwrDSf2/suOSqbEnF7ak9X8IYXKtKdwxPVMdC41zgutGM7e8sHOs3DgnaI279NDcTHJMkK57/1VbX5r/7Or1Xdfd14x7Y/qZa7au7DqQxg0n1/W4y5pxMw/uPvDy1qePpHFD6TnFWtzeZtxbs088dWj/4g3peKZ1vZa4s2+uPH/s8YdubKyTXEeSvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAvduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBfRyFWFXEcgGfu3dWrd912i3KTIhUTDZKVikqIViHpoQ0p8MUCH7IyMqklDCHchCxMwqeKoIgoCEQKgh6KsKAMkiiI0B7C0B7qITaiDXGjYndndu8ePe12ahXk++Awzpx7fvM/c8az9wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn19y2nrH28NMDv9+56LbPd28Z3nX7+9ue2t835/Ct++449sq9b5442b1i9RsPrR95tKN/796+r28c+eLPJ6cNfmK8WZm6jRDizzGEK79c8cKeT48sHB2LIYR67BoMoTvWPu6OhYTe0yGE+ybqnHry3eHr7h9tB5+bO2X8okJI8b5Cs57rGdc1tV4uLI20z575cPsVP65af+zQt+uGexunHxuc/EhstOynEDo3t17fHkKYl45Rebf15ItTuyGEML/lupumqWvpDOu/tqS/KLVzUtucJiefX1Lot8+wjrZC25jhdVXVZjk/y8+vY5bnL77civN0p/a91K78l/n1fMRQi6FtYrqH4+QeCS3PLYY49uwn+7UpeyEW9kYMIRb6tUK/3l64r7F500arxzh1PH+uML44jbel8SXT7LW7S8Yvz/eb/qOeKtx/MbR5xj8m7mtMruv7f6jlXKi1vIPONp7rbaSH0UxjzXjxGdf8dRb53MaTz799Yuery7pK6ojvxJQfK+V/s+3mo8t3fjfUU5a/uZbya5XyB1b9evCnuz5bWJq/P+fXK+Ufv375ix/s2nGqdH1+yevTVim/vuaakdW7ezeW1v9azm9Uyn993YGXO2/45GBp/b15feZVW5+tj/+x6a1Lh0rzQ86fXyl/7W+XXb1m+4EHSvM/yuvTrJR/ZGBr/54Hr9qxuCz/q5y/oFL+0h/u2XTo6JbjpfX35fXpqpR/y7K1G/qHHtlX9u6Mg+fqLyzAhemS9B3r2dSv+jvzv2r5vfBSVxz/zteRjgX/50QFo/N0zmI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzNDhyQAAAAAAj6/7odgQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATwUAAP//r6RXYA==")

program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=1m5.626409638s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
simplifying C reproducer
testing compiled C program (duration=1m5.626409638s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
testing compiled C program (duration=1m5.626409638s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
testing compiled C program (duration=1m5.626409638s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
testing compiled C program (duration=1m5.626409638s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
testing compiled C program (duration=1m5.626409638s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
testing compiled C program (duration=1m5.626409638s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
testing compiled C program (duration=1m5.626409638s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_reconstruct_alloc
reproducing took 11m23.478860792s
repro crashed as (corrupted=false):
bcachefs (loop0): recovering from clean shutdown, journal seq 8
bcachefs (loop0): dropping and reconstructing all alloc info
==================================================================
BUG: KASAN: slab-use-after-free in bch2_reconstruct_alloc+0x2af/0xac0 fs/bcachefs/recovery.c:134
Read of size 8 at addr ffff88802ce2cf58 by task syz-executor224/5229

CPU: 1 UID: 0 PID: 5229 Comm: syz-executor224 Not tainted 6.12.0-rc3-next-20241016-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 bch2_reconstruct_alloc+0x2af/0xac0 fs/bcachefs/recovery.c:134
 bch2_fs_recovery+0x12dd/0x39a0 fs/bcachefs/recovery.c:842
 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037
 bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2174
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4032
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0b9a0b9f6a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffbccef428 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fffbccef440 RCX: 00007f0b9a0b9f6a
RDX: 0000000020005b00 RSI: 0000000020005b40 RDI: 00007fffbccef440
RBP: 0000000000000004 R08: 00007fffbccef480 R09: 0000000000005b27
R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
R13: 00007fffbccef480 R14: 0000000000000003 R15: 0000000001000000
 </TASK>

Allocated by task 5229:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4273 [inline]
 __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4292
 __do_krealloc mm/slub.c:4767 [inline]
 krealloc_noprof+0x65/0x100 mm/slub.c:4816
 bch2_sb_realloc+0x2d2/0x660 fs/bcachefs/super-io.c:189
 __copy_super+0x5dc/0xe70 fs/bcachefs/super-io.c:586
 bch2_sb_to_fs+0xab/0x150 fs/bcachefs/super-io.c:613
 bch2_fs_alloc fs/bcachefs/super.c:828 [inline]
 bch2_fs_open+0x16b2/0x2fa0 fs/bcachefs/super.c:2065
 bch2_fs_get_tree+0x738/0x1710 fs/bcachefs/fs.c:2161
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4032
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5229:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2329 [inline]
 slab_free mm/slub.c:4588 [inline]
 kfree+0x1a0/0x460 mm/slub.c:4736
 krealloc_noprof+0xc9/0x100
 bch2_sb_realloc+0x2d2/0x660 fs/bcachefs/super-io.c:189
 bch2_sb_field_resize_id+0x140/0x7c0 fs/bcachefs/super-io.c:221
 bch2_sb_counters_from_cpu+0xac/0x300 fs/bcachefs/sb-counters.c:67
 bch2_write_super+0xe80/0x3c50 fs/bcachefs/super-io.c:976
 bch2_reconstruct_alloc+0x28c/0xac0 fs/bcachefs/recovery.c:131
 bch2_fs_recovery+0x12dd/0x39a0 fs/bcachefs/recovery.c:842
 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037
 bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2174
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4032
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88802ce2c000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 3928 bytes inside of
 freed 4096-byte region [ffff88802ce2c000, ffff88802ce2d000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ce28
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801ac42140 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801ac42140 dead000000000100 dead000000000122
head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea0000b38a01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9362218039, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x3123/0x3270 mm/page_alloc.c:3493
 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4769
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 alloc_slab_page+0x6a/0x120 mm/slub.c:2399
 allocate_slab+0x5a/0x2f0 mm/slub.c:2565
 new_slab mm/slub.c:2618 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3805
 __slab_alloc+0x58/0xa0 mm/slub.c:3895
 __slab_alloc_node mm/slub.c:3970 [inline]
 slab_alloc_node mm/slub.c:4131 [inline]
 __kmalloc_cache_noprof+0x27b/0x390 mm/slub.c:4299
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 kobject_uevent_env+0x28b/0x8e0 lib/kobject_uevent.c:540
 device_add+0x63b/0xbf0 drivers/base/core.c:3656
 __video_register_device+0x3bdf/0x4a50 drivers/media/v4l2-core/v4l2-dev.c:1059
 video_register_device include/media/v4l2-dev.h:384 [inline]
 vivid_create_devnodes+0x2342/0x2c90 drivers/media/test-drivers/vivid/vivid-core.c:1707
 vivid_create_instance drivers/media/test-drivers/vivid/vivid-core.c:2040 [inline]
 vivid_probe+0x5858/0x7cf0 drivers/media/test-drivers/vivid/vivid-core.c:2093
 platform_probe+0x13a/0x1c0 drivers/base/platform.c:1404
 really_probe+0x2b8/0xad0 drivers/base/dd.c:658
page_owner free stack trace missing

Memory state around the buggy address:
 ffff88802ce2ce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802ce2ce80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88802ce2cf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                    ^
 ffff88802ce2cf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802ce2d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

final repro crashed as (corrupted=false):
bcachefs (loop0): recovering from clean shutdown, journal seq 8
bcachefs (loop0): dropping and reconstructing all alloc info
==================================================================
BUG: KASAN: slab-use-after-free in bch2_reconstruct_alloc+0x2af/0xac0 fs/bcachefs/recovery.c:134
Read of size 8 at addr ffff88802ce2cf58 by task syz-executor224/5229

CPU: 1 UID: 0 PID: 5229 Comm: syz-executor224 Not tainted 6.12.0-rc3-next-20241016-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 bch2_reconstruct_alloc+0x2af/0xac0 fs/bcachefs/recovery.c:134
 bch2_fs_recovery+0x12dd/0x39a0 fs/bcachefs/recovery.c:842
 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037
 bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2174
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4032
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f0b9a0b9f6a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffbccef428 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fffbccef440 RCX: 00007f0b9a0b9f6a
RDX: 0000000020005b00 RSI: 0000000020005b40 RDI: 00007fffbccef440
RBP: 0000000000000004 R08: 00007fffbccef480 R09: 0000000000005b27
R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
R13: 00007fffbccef480 R14: 0000000000000003 R15: 0000000001000000
 </TASK>

Allocated by task 5229:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
 __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
 kasan_kmalloc include/linux/kasan.h:260 [inline]
 __do_kmalloc_node mm/slub.c:4273 [inline]
 __kmalloc_node_track_caller_noprof+0x28b/0x4c0 mm/slub.c:4292
 __do_krealloc mm/slub.c:4767 [inline]
 krealloc_noprof+0x65/0x100 mm/slub.c:4816
 bch2_sb_realloc+0x2d2/0x660 fs/bcachefs/super-io.c:189
 __copy_super+0x5dc/0xe70 fs/bcachefs/super-io.c:586
 bch2_sb_to_fs+0xab/0x150 fs/bcachefs/super-io.c:613
 bch2_fs_alloc fs/bcachefs/super.c:828 [inline]
 bch2_fs_open+0x16b2/0x2fa0 fs/bcachefs/super.c:2065
 bch2_fs_get_tree+0x738/0x1710 fs/bcachefs/fs.c:2161
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4032
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Freed by task 5229:
 kasan_save_stack mm/kasan/common.c:47 [inline]
 kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2329 [inline]
 slab_free mm/slub.c:4588 [inline]
 kfree+0x1a0/0x460 mm/slub.c:4736
 krealloc_noprof+0xc9/0x100
 bch2_sb_realloc+0x2d2/0x660 fs/bcachefs/super-io.c:189
 bch2_sb_field_resize_id+0x140/0x7c0 fs/bcachefs/super-io.c:221
 bch2_sb_counters_from_cpu+0xac/0x300 fs/bcachefs/sb-counters.c:67
 bch2_write_super+0xe80/0x3c50 fs/bcachefs/super-io.c:976
 bch2_reconstruct_alloc+0x28c/0xac0 fs/bcachefs/recovery.c:131
 bch2_fs_recovery+0x12dd/0x39a0 fs/bcachefs/recovery.c:842
 bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037
 bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2174
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3507
 do_mount fs/namespace.c:3847 [inline]
 __do_sys_mount fs/namespace.c:4055 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4032
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The buggy address belongs to the object at ffff88802ce2c000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 3928 bytes inside of
 freed 4096-byte region [ffff88802ce2c000, ffff88802ce2d000)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ce28
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
page_type: f5(slab)
raw: 00fff00000000040 ffff88801ac42140 dead000000000100 dead000000000122
raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
head: 00fff00000000040 ffff88801ac42140 dead000000000100 dead000000000122
head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
head: 00fff00000000003 ffffea0000b38a01 ffffffffffffffff 0000000000000000
head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9362218039, free_ts 0
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x3123/0x3270 mm/page_alloc.c:3493
 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4769
 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
 alloc_slab_page+0x6a/0x120 mm/slub.c:2399
 allocate_slab+0x5a/0x2f0 mm/slub.c:2565
 new_slab mm/slub.c:2618 [inline]
 ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3805
 __slab_alloc+0x58/0xa0 mm/slub.c:3895
 __slab_alloc_node mm/slub.c:3970 [inline]
 slab_alloc_node mm/slub.c:4131 [inline]
 __kmalloc_cache_noprof+0x27b/0x390 mm/slub.c:4299
 kmalloc_noprof include/linux/slab.h:901 [inline]
 kzalloc_noprof include/linux/slab.h:1037 [inline]
 kobject_uevent_env+0x28b/0x8e0 lib/kobject_uevent.c:540
 device_add+0x63b/0xbf0 drivers/base/core.c:3656
 __video_register_device+0x3bdf/0x4a50 drivers/media/v4l2-core/v4l2-dev.c:1059
 video_register_device include/media/v4l2-dev.h:384 [inline]
 vivid_create_devnodes+0x2342/0x2c90 drivers/media/test-drivers/vivid/vivid-core.c:1707
 vivid_create_instance drivers/media/test-drivers/vivid/vivid-core.c:2040 [inline]
 vivid_probe+0x5858/0x7cf0 drivers/media/test-drivers/vivid/vivid-core.c:2093
 platform_probe+0x13a/0x1c0 drivers/base/platform.c:1404
 really_probe+0x2b8/0xad0 drivers/base/dd.c:658
page_owner free stack trace missing

Memory state around the buggy address:
 ffff88802ce2ce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802ce2ce80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88802ce2cf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                    ^
 ffff88802ce2cf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88802ce2d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================