Extracting prog: 36m25.778066614s
Minimizing prog: 103.119µs
Simplifying prog options: 0s
Extracting C: 4m8.352742511s
Simplifying C: 32m23.782925769s
extracting reproducer from 39 programs
testing a last program of every proc
single: executing 9 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$mixer-shmget-shmat-shmctl$IPC_RMID
detailed listing:
executing program 0:
openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
r0 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ff8000/0x4000)=nil)
shmat(r0, &(0x7f0000ff8000/0x5000)=nil, 0x7000)
shmctl$IPC_RMID(r0, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$key-sendmsg$key-socket$nl_generic-syz_genetlink_get_family_id$l2tp-sendmsg$L2TP_CMD_TUNNEL_GET-sendmsg$L2TP_CMD_SESSION_DELETE-socket$pppoe-syz_genetlink_get_family_id$tipc2-socket$inet6_tcp-setsockopt$inet6_tcp_buf-setsockopt$inet6_tcp_TCP_QUEUE_SEQ-sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK-socket$inet_sctp-sendmsg$TIPC_NL_BEARER_ENABLE-socket$nl_route-connect$pppoe-socket$pppoe-connect$pppoe-socket$inet_sctp-getsockopt$inet_sctp_SCTP_AUTOCLOSE-connect$pppoe-bpf$MAP_CREATE-socket$nl_route-syz_init_net_socket$bt_l2cap-bind$bt_l2cap-sendmsg$nl_route-socket$rds-bind$rds-sendmsg$rds
detailed listing:
executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x25dfdbfd, [@sadb_x_filter={0x5, 0x1a, @in6=@empty, @in6=@mcast1, 0x15, 0x14, 0x4}]}, 0x38}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4180}, 0xc000)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f00000005c0)={0x3c, r2, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x4}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x871}, 0x8005)
r3 = socket$pppoe(0x18, 0x1, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_buf(r4, 0x6, 0xd, &(0x7f0000000080)='>', 0x1)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r4, 0x6, 0x15, &(0x7f0000000040)=0xffffffff, 0x4)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x90}, 0x20000000)
socket$nl_route(0x10, 0x3, 0x0)
connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r5 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r5, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_AUTOCLOSE(r6, 0x84, 0x4, &(0x7f0000000800), &(0x7f0000000840)=0x4)
connect$pppoe(r5, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'vxcan1\x00'}}, 0x1e)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f0000"], 0x48)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r8, 0x0, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000100001000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r9 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r9, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r9, &(0x7f0000000380)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000500)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000400)=""/196, 0xc4}, &(0x7f00000002c0)=[{&(0x7f0000000600)=""/183, 0xb7}], 0x1, 0x0, 0x6}}, @mask_fadd={0x58, 0x114, 0x8, {{0x7fff, 0x6}, 0x0, 0x0, 0xb, 0x6, 0x40, 0x8, 0x58, 0x2}}], 0xa0}, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): prlimit64-sched_setscheduler-prctl$PR_SCHED_CORE-sched_setaffinity-socket-syz_open_dev$MSR-mkdir-mount$overlay-chdir-socket$nl_netfilter-sendmsg$NFT_BATCH-sendmsg$NFT_BATCH-syz_emit_ethernet-syz_emit_ethernet-creat-read$msr-sendmsg$nl_route_sched-socket$netlink-socket$kcm-sendmsg$kcm-socket$netlink-syz_init_net_socket$bt_hci-bind$bt_hci-recvmmsg-bpf$PROG_LOAD-bpf$PROG_LOAD-socket$inet_udp-write$P9_RSTATu
detailed listing:
executing program 0:
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
socket(0x2, 0x3, 0xff38)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x115)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000240), 0x0, &(0x7f0000000500)={[{@uuid_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001600)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000300)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0xc, 0x0, @opaque="cbe66f10"}}}}}, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
read$msr(r0, &(0x7f0000000400)=""/102400, 0x19000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="d800000019008111e0020f060d8107040a60000000000000000855a12a00090008000699e3ffffff14000500fe80817806000567b8b7b94002000009080016060000000000000000d67f6f9400f7d1d9bbe94fa27100a007a2f7457f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237ee4b11602b2a10000000014d6d930dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b694138c9f1ac76efb42a9ecbee5de6ccd44242f4d643f6fd0f26187b51980dd6", 0xd8}], 0x1}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(r3, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/3, 0x3}, 0xa}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="050000000000000073110900000000008510000002000000850000008800000095000000000000009500a5050000000061f73e5058f8dce2fd"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xb0}, [@ldst={0x5, 0x0, 0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket$inet_udp(0x2, 0x2, 0x0)
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000019400)=ANY=[], 0x237)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$nl_rdma-readv-sendmsg$RDMA_NLDEV_CMD_RES_GET
detailed listing:
executing program 0:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000000100)=""/252, 0xec0}], 0x1)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, 0x0, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$sndseq-ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS-ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO-mmap-prlimit64-sched_setscheduler-getpid-sched_setscheduler-bpf$PROG_LOAD-bpf$MAP_CREATE-bpf$PROG_LOAD_XDP-arch_prctl$ARCH_SET_CPUID-bpf$PROG_LOAD-bpf$BPF_RAW_TRACEPOINT_OPEN-bpf$PROG_LOAD-bpf$MAP_UPDATE_ELEM_TAIL_CALL-bpf$BPF_PROG_TEST_RUN-bpf$BPF_RAW_TRACEPOINT_OPEN-syz_init_net_socket$bt_hci-io_submit-syz_open_procfs-futex-futex-ioctl$AUTOFS_DEV_IOCTL_REQUESTER-timer_create-timer_settime
detailed listing:
executing program 0:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000400)={0x131, @tick, 0x0, {0x4}})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000480)={0x0, 0x0, 0x0, {}, 0x7})
mmap(&(0x7f0000fec000/0x14000)=nil, 0x14000, 0xb, 0x2010, 0xffffffffffffffff, 0xeff0a000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1899ec9a1ecbf4ffcc0000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400", @ANYRES32=0x1, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000080000000000000000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
arch_prctl$ARCH_SET_CPUID(0x1012, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r4}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r3}, &(0x7f0000000300), &(0x7f00000003c0)=r2}, 0x20)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r5, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='kmem_cache_free\x00'}, 0x10)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000700)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r6, &(0x7f0000000040)="4200ffff0000", 0x6, 0x0, 0x0, 0x2}])
r7 = syz_open_procfs(r1, &(0x7f0000000000)='net/stat\x00')
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r7, 0xc018937b, 0x0)
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
detailed listing:
executing program 0:
syz_mount_image$bcachefs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1000001, &(0x7f0000000140)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c6572726f725f736166652c6a6f75726e616c5f7472616e73616374696f6e5f6e616d65736f6e5f757067726164653d6e6f6e652c736d61636b66736861743d2a2c6f626a5f747970653d28aa2900212c667521633d4b455845435f4b45564e454c5f434845434b2c657569643d00"/136, @ANYBLOB="54e247c79617426b09dd74f53e933283fd6480bf340fccfd4af2d70482b595d99ce84ce3caeb876e317cfaa6b634e7397889be79cfdb92117ddbf0d5d793e20d169c207992d2282aa9f62202a0c012675b4babb84572bbb58e0d11a0f7519dd563f7f0fbb7e7e46c5a3b53e4d9c621c7a75a2e1633490d042569a35a47e0150a79fa33adfd1ae67484c2d0963f27dfca", @ANYRESDEC, @ANYRES32, @ANYRESHEX=0x0], 0x0, 0x595c, &(0x7f00000002c0)="$eJzs3X+MXGW9MPDnzMzuTnf7Y1tAKsh2KVQR1LaABH9Eq6+/AkhqMEp5q7DQLVbb0rRFoKAUX/CFAAaNRlH/QILkBashgVepBOTHbbmKEq5ecoPk6r3oTbxBLo1AQ4zX3uzOeWZnz87ZMzs7C235fNLumfPMme/znOc8c+Z8n5ndCQAAALwm7L5my94zj/jgL740/NKVH/nphqtCX3m0vBo36E+Xl75aLWQmlTLrPZWFo8vsuHjT5Xf+cfCC9//8rt7vv7xrzdFrf/uBQy6477On7bz5Ow+9OOeevz9TVE8cT8ePrSfPJSFU79/zjS/veuzwkbIkhFBO+reHMD9Z8ND8JBNi2V9DCGvq7Rx/590vnbR2ZHnV9T3jyudlghjvr23VdJxt23vJCeF371t19a8W/eiHXTue3T62SVJtGE8hzD2v8fFdIYRZ6f8RcbQtjA9OlytDCL0Njzu1oF3HtNj+pTnrR6bL7nS5rzx5nL50uTiznj0fZNejrsyyd/LqQkNXtSWvHe1uV2R2Zj17MpquvHbG8vnp8ifp8vgpxi/H/0koJaFSb/76ZGyMhIbjloRk9FhW6+ulcfucNBzrdD3JrJcy6+WuzH6N1psOtHKSjC+P22XK4+m4kpYf3XiubuKsnPLXp8tq+kR9Oa6H7I2avgk36vs1KrZrzyRteSWUcp5Ysbx+DEcORsNrZl+yYMJj9jUR79u16oYl5dUP7+7PaUdyV62mvtGRNPX42345f/anf3DdxQvz4p9XSuOX2or/+9Mff/6c6279dm78m2L8clvxT3yg97nTH7lmcW7/7In9U2kr/tAzj9646NDzd+S2/5YYv9pW/BU7H++Zs/eBB3Pbvyz2z6y24j/9rg/94Y4n7322If64U2ASYvzetuKv3rnpKz0De4/Lbf+DsX/62hs/L+w45amBgT8N5sV/Isaf01b827ff/M7b5l1/Wu7xXRn7p7+t+Gcce9/Vs/fee1TeuTO5ZWqvnN1T2hrg4HdIesl4bbrebp45XQ35wrcGK7XrwJjTzOlkRRkj9cydwfgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvDYddsI/fvjfP9H/XCVd70lvPF2qLWN5dwjJrBDClq1Dm7eu23jh4GcvunjzxqH1g0NbB4c3bt182eDJbxncPLxp/dBlI/cue+tJtcctCEltmRw1oe59+/btK/WPL4v1/a9jd/xuyan/+ecQlh32m4FKbvuX3rzhtkOb/MxIVux774aLz/zN27+X7ld/2q7+nHaFnHb919l/u+1re/54XAjLXjdZux59+j0/G9eg0YKxOKlST6g1qCfpbdqOeqvT9sT+qqxdt354WXH/lnP2439f/uxf11761b/V+reaux8t9u+sFfvWl7656oz//uYVtYIFIcbcv457UX/HvYjti/1XTft7btrfc3P6u5KzX9f86sEn7z/iuhe3h2WVFxZNrLtov7rSAdCVvL6lemMNvcn8ceXVdPt4dOLjlm7dsGnplsu2vXXdhqELhy8c3viO5ScvP+U/bg1h6eieL+3w/sf639ji/r8y55F5n9/+k/iztfFU1K6i/hhpV3F/NLYo7/nXe9aXv/6Omx85s1ZQNM7j1vXzSbrsHTnOy0PDeJvYV832q6gfQgiDzfrh+RdPC4f/y7qri85DjUem8WdGsmLfY4v/8r1Tv7vw3bWCV+Q839igNs/z9VaPtWe0v6rp8dhf+7cnlNP96mvaruWPPdJ1w+4/f6Hevu7ucOnQ1q2bl9d+zk5bOjs5smm7sqVxvxaN/iyHtFtCfZg2Ga8jukKtfdnzZ9w826t96X19yYLMPd2j+5UV79216oYl5dUP787r6eSuWo2zwpzaMnlDzpbrMw8s1xvcrP6pjI9k+/4zPgY+/N17PnHPj0+O7esOoTY+Tqz9zNuvnlDvjqbj/kdP3v7173/1//64c/v14fc83v+Xf/3MklrBgXJeqbc6bU/SeF45MYSi59+i0Hw/cp9/peb7U/T8y9Yztn3zeIOZ9b5Qznm+Nn++xPtOfKD3udMfuWZx7vN1T6vP1yvGrZULnq/7y/gpOm/M3PNr3EBJVuz7+bWHbH/oypVH1AqKxnV962bj+qQW8s6c/frZOU8NXDT4f/65c+eNO99y97m/HVrxxVrB/nLcq2n/VnP6t97qmHc29u/bLrho/Zpa+f57/ZsuC/KfeCrZctm2zw2tXz+8eUtr+9Xq9VasJ9vL7b6exrPbgoL9Kk3Yr87fWDFylZL2WKeeb7H9a9rur/HPt76QtPW6sO2X82d/+gfXXdw/4VFpReeV0viltuL//vTHnz/nulu/nRv/phi/0lb8oWcevXHRoefvyI1/S5LGr7YVf8XOx3vm7H3gwdz4y2L7Z7UV/+l3fegPdzx577O58UOM39de/7+w45SnBgb+lBv/iSStZ+QaKYS7XzppbW09CV3p8y22o2tcu0J2PcmslzLr5cb1UnoNHCsoJ8n48rhdWn50Q1ua+WROebwKqy6sLV+O6yF7Y/Ly/U2p4dzfrLzoOhUA4GAX3/+P16Dx/f/h9EIpf6YBxhTlYY23m+VhC3PixjxsbD6ne9z9C9OY8fFxHnDgbWHZyPKqwdqF/lTnOePzITvPGes57pjxMdqd5yyaf1+cWY/tqs2XVxry0NTEvKYSWph/n1jP5PPvmd0vnh8fvHZCswYb5q2yx68rnTFr9nmHTHsrIxHyxkd2Xix+nmNgblg5Wl+L4yP7OZp4HLKfo4n1HFEZf+Zs93M00x0fsdmTjI/RJhe/vzHx+IVJ+nfs+DWPlj1+Uzje1ZHt89+fnXzep9X3Zw/8ecOZfT/MvGRO/PQJtr/PG8byuB+VFucTP5FT3qn5xHi6iO3aM0lbXgnmE4GDVcz/42tET6V5yl90HZq9aozxcj8nVG7enqK8Y+Ln9Hrbeh1fvXPTV3oG9h6Xe53zYKuf+9k0bq234HM/Rf24JLNe2I85EzRF+V62nqJ+z34uoy/Mif3+pq9n7pus32/ffvM7b5t3/Wm5/b6y9kJa3O/ja51T0O/yhZz4+3G+UHkN5QvT/RxD0fzZq5aPpB98mql85OM55VPMR8aalPmg1gGbj3S9su0CAA4cMf+vv39Wqb0B92+Z7Yry1uMz6zFebt6ac32Sl7d+NF1emtm+L/2NiqleN59x7H1Xz95771G5ecstreah/2/cWn9hHjqnrfbGvDk3j1jZmc+L5+YR9TxrenlibvvreeL08vTc+PU8fXp5dG7/1PPo6c0D5MavzwNMOc+NQ3w/yXNndr7uoM2j01+fnak8+qyc8qm+r9c34UZ9v0bJowEAXl0x/68nCWn+/0hmu+let+fmBR26bs/+PZB6/CdeqbxypvO+mc5bZzqvn+l5iQP9/d+Znhea2XkyeXG6HrI3avbvvPj+O+MteTEAwMEt5v+z0vX8/H96+Ulu/lbPT15z+XkSwnb5+QGTnx/o818zm//HX0MpzP/HPh4j/99v8v8x8n8AgINbzP/jrz3Gv//3D+l69u/Wvwbz9FET8/TxV8nydHn6pOOn5Tx9pufZfA7APEAx8wAAAAeXrtFMaeLv2X8qXWZ/zz7v9/LPydm+VZXR37EP4fytm4eHz71405qhrcPnbrxozfCWcy/ZvG7r1uGNte2mmzfm5i1p3tgVKml/NN8um7fNS9/xnJfz9xCy28ewR47emPj3ELLVzir4OwJjx6+19uYdv9Ik2zcbH3nHOy/+J3O2j+rH/4LPnHju2i3nrtu4buu6ofXrtg2P324ka+2dwvdmxm6Z0vdmZn5MUJr693d2ph2lCe3oSvsj7/vZk0w75qctmZ/3/Qc57f7FP33t88fu+9sdISw7rPyGafVfsmLf/z97+KNbd/9m00j7S5O2v75l2q6i7yvNbh/3p7L+oi1bT1h70cUbs98o2Z44n1Gqr8/QfEb69C+3OD+xOqd8CvMTZ4TGP8ua8/dZ9xctz08AADBOfP8/Xs/G9w+/ml5AxfLW8/TpvX/c9Bq3NPb+cVGenv1esqI8Pbt93N9W8/TqNPP0bP1FeXqz7Zvl6Xl5d178j+dsP1Wtj5Ppfc4jdz7nvNbGSfb7DIrGSXb7qY6TZJrjJFt/0Thptn2zcZJ33PPifyxn+zytj4fpfS4ndzzc1Np4eHNmvWg8ZLef6ngoTXM8ZOsvGg/Ntm82HvKOb178M3O2HzMr954wYXyMDIzRcTF87iUXbf5cw3Yz/f0X02/fzH7/R7tab//Mfu5r5ts/s58rm/n2T+9zZbntf2J6M2Gtt39mvw+yXa/YfG36YbOiz58VzeOuyimf6ufMuifc2D+Zx4VXT8z/49s9Mf+/Pl12+m2gA/970iZ7neua9uvcgf/5+5m9jvF6Pkll+wGv5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACt6aksHF3uvmbL3jOP+OAvvjT80pUf+emGq950+Z1/HLzg/T+/q/f7L+9ac/Ta337gkAvu++xpO2/+zkMvzrnn788UBu6vLY5PV6shJM8lIVTv3/ONL+967PCRsiSEUE76t4cwP1nw0PwkE2HZX0MIa+rtHH/n3S+dtHZkedX1PePK52WCZPcr9JVje8a1M1xauEccgKrpONu295ITwu/et+rqXy360Q+7djy7fWyTpNownkKYe17j47tCCLPS/yPiaFsYH5wuV4YQehsed2pBu45psf1Lc9aPTJfd6bKvIE68f3FmvZTZLrsedWWWvQX1TVdeO9rdrsjszHr2ZDRdee2M5fPT5U/S5fFTjF9Oj005CaUkVOrNX5+MjZHQcNySkIxuX62vl+rHNqT7n1lPMuulzHq5K7Nfo/WmA62cJOPL43aZ8ng6rqTlRzeeq5s4K6f89emymj5RX47rIXujpm/Cjfp+jYrt2jNJWxp0t7bZ1JUazkHNyusHPj0YfWlZX7JgwmP2NRHv27XqhiXl1Q/v7s9pR3JXksZP2oq/7ZfzZ3/6B9ddvDAv/nmlNH6prfi/P/3x58+57tZv58a/KcYvtxX/xAd6nzv9kWsW5/bPntg/lbbiDz3z6I2LDj1/R277b4nxq23FX7Hz8Z45ex94MLf9y2L/zGor/tPv+tAf7njy3mdz44cYv7et+Kt3bvpKz8De43LjPxj7p6+98fPCjlOeGhj402Be/Cdi/Dltxb99+83vvG3e9aflHt+VsX/624p/xrH3XT17771H5Z07k1s69coJ8Np0SHqNdW263m6eOV0N+cK3Biu1a77Z6f85tfKiFLEtI/XMnYnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc1H59xcmfOvu9H1tVSUJIcrbZ10S8r9y9YkU79Q498+iNiw49f0dj2cJ2AgEAAACFYh5eqpdUw8JwSTIrHNl0+zhHcGRcS8aXZ+cQZo1t2ZE4pQ7FKXcoTqVDcbo6FKe7Q3F6OhSnWhCnGlqLM2vSOKWW29PboTh9HYozu0Nx5nQoztwOxZnXoTj9k8ZpfRzO71CcBR2Kc0iH4hzaoTiHdSjO6zoU5/AOxcnOKU91HM5JtzwiL87ojXJhnEpSrt/RbD491nPUNOvpa7GewWnWM6vFeo7JPK40xXqqLdbzxmnWk7RYz5unWU+poJ44bi/Nti/WE9daHP+XdSjOtg7FubxDca7oUJwvdCjOFzsU58ppxgFoVcz/x/K9/tBTeXfoTc842VmAmO8uGv058fUu74QU470hU95dFC+bqGfiLZpq+7ITCJl4izPlXePiVer5yCTxqo3xlmTuLNzf7IRCpn3HZ8p7iuJlJxYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYAb9+oqTP3X2ez+2KiRh5F9T+5qI95W7V6wYbKPeXatuWFJe/fDuxrKeShuBAAAAgEIxD++ql1RDT2V56Em6x21XTecBqul6ub+2HJgbVo4sk8HS6HpvMn/Sx1XSxy3dumHT0i2XbXvrug1DFw5fOLzxHctPXn7Ksref8vala9etH15W+xlCT0G8EMLo9MOWy7Z9bmj9+uHNW2qF2fYvTB+3PV1P0scNvC0sG1lelbZ/QUF9pQn1zdyN4qMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/8Ou3Ya6ddYBAH9Okpukd6vL2FtW1rvQl1F1aFvvpNOxe0BwsHWll4Ek0+sotsXh7Vq2dtQZtwtus0URNgql0i+VOtwcftmcG+JeKFRmteKtRbah+6AflE0n3egH6Yj0Jic3SZPmNpb1xd/vwzk5/+f/PP/znEsL/5MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHy0pqujE+Wx8cpwFELUI6fWRTKWzsZxaYC6X3lpyw9yI8eXtcZymQEWAgAAAPpK+vChZiQfcpl0SIdrZ64WhZaBMNv3AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wfmtV9OV0cnymPjlUuiEKIeU2pdJGPpbByXBriNt99/9rNvjIz8vTVWHGAdAAAAoL+kD081I/lQDIvDUHRtW17ybmBBx/zOvGSdhXPM63x30Ctv8Rzzbphj3sf75K1pnLcHAAAAuPAl/X+mGSmEXGZ+z/6/X1+f5F3fkZdunAf5rQAAAADwv0n6/1wzUgy5TLHZr8+131/UkZfM7/e9fTJ/aY/5/b7Pv7Nx9j09AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFw4pqujE+Wx8Uo6CiHqkVPrIhlLZ+O4NEDdlS8P//OOA48tao3lMqfmRVMDLA4AAAC0Sfrw2dY7H3KZ4TAULpnp+0du2/v8l55/YTSEUG/zs9mwfd3WrfevrB+TvBWHDgx9/+C73z4lb0X9eM42CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnDXT1dGJ8th4ZV4UQtQjp9ZFMpbOxnFpgLpvff6Lf3366IvvtMaKA6wDAAAA9Jf04bO9fz4UQzZkw9UzV629/kmpjvm93hkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF48HvvnQN9ZNTm6434eL9MPlv6//pc+X+zmzD/M+yqJp/xxmP5zr/5kAAICz7foQhdoZumbtub5rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgfDBdHZ0oj41X8lEIUY+cWhfJWDobx6UB6sYvHc7NP/7yq62x4gDrAAAAAP0lffhs758PxTAUhsJVM1fd3gnM9P+FuVYYOjs3CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJw3pqujE+Wx8cr8KISoR06ti2QsnY3j0gB1n5ra87n9l33v9tZYLjPAQgAAAEBfSR+ebUbyIZf5RMiF6xrXk+0TonTj3P29wOy8LW3Thuc8r9o2Lz3neTs6dpZp7KY+L5+sV6ifm/NKp84rtcwrhmb5Utu8sKtt1vw+9xkAAADgHEr6/1wzUgi5TK6lz/1JW35BnwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9DBdHZ0oj41XoiiEqEdOrYtkLJ2N49IAdR/67eWXfvWnO7e1xooDrAMAAAD0l/Ths71/PhTDwvCxsHCm7w+FenSoMZrk/at8Yv+T//7bshCWX31kJNNz/V+/desrnYcQUu1JqRAua9SLCu1DSb3f/OHJB5fUTjwdwvKr0td1q5ef6l2vfcm4lg0hbD14ZMtcnhAAAABc+JL+f6gZKYRc5r5T+v9E0nmfUf9/2YNTv7iycWx05B0zUoVGvVSPel9Y8uxflq76x7sn+//T1fv0nk37r2wrWI90iOLa2KZta47ctC+V7LpeP91RP3kuX/7WO//ZuP2JE/X6+ZBvxBdkutU/9dhhXlybTO2urP5wd7W9fqbH/h/73atHf7Vg5wcn679//XCz/g2n2f/p6w/f9fium/ccWNNeP4RQ6lb/vQ9uD9f86d5HO/c/3LFw65NvPXaI4tqhRcf2rdpbvKW9ftRRP3n+Pzv61K4fP/HdF5L6yW9Fli2ea/1UR/3Xd1wx9dojaxe010/12P8rd78xsrn0nT927n/9wPt/5sbn7nlzXfxw5xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDFZbo6OlEeG6+kohCiHjm1LpKxdDaOSwPUffuOw+/dvfNHP2yNFQdYBwAAAOgv6cNne/98KIZsyIbhmb7/5+UNd249eGRLKNRHo8Y5M7n5ga2f3Lh5233rc+fo1gEAAIA5Svr/TDNSCLnMkjDU6P/HNm1bc+Smfamk/08l/f/Geyc3LA/NvNd3XDH12iNrFzTfE4Qw87OA/Mm8z8zm3Xbr4cKxP399ade8lbN5h6Jj+1btLd6S5IXWvBWh+X7imRufu+fNdfHDzftrzfvU1zZPrq/Hk3WH73p81817Dqxp7qNxHm6sm+RNpnZXVn+4u5rkpRvnfGPffW0e6M8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABe06eroRHlsvBLSIUQ9cmpdJGPpbByXBqi7eskvH730+IsLW2O5zAALAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsJ+/YVIVcVxAD93ZrYdZ3Z1N4O2onW1orCHpCCiXioqQiOEngwJS/MhCoKIwh7S0Eis6CXIepGooNpCKMhNEk3W6J/00kMFBdZDINJCOUgPFbtzzjh73dvkXQuqzweGs+fce7/3d+85c3cuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8K/SXxuZaQ9te6h1+/k3f/LEvccfv/X9B7Zc+tgbP4ytv/Hj3Y1XT0xuWLrx65sWr99738qJnS8d+GXw3d+O9Ax+tN0sj916CNmxLIT6B1PPPzn56bnTY1kIoXpW3OHAcJZLWPFrCGFDp87ZG985ftXG6XbLjv5Z44tyIfnrCs1qqqdtaHa9/LfU4zrb1Hrk8vDtDWu2fr7k7bf6xo9uPrlLVu9aTyEsXNd9fF8IYUH8TEurbSQdHNvVIYRG13HX9Kjror9Y/xUF/Qtim74+zR45afuyXL+S2y/fT/pybaPH+earqI6y+/UykOvnH0bzVVRnGh+O7XuxXX6a+dX0yUIlC7VO+fdnJ9dI6Jq3LGQzc1nv9CuduQ3x+nP9LNev5PrVvtx1zZw3LrRqls0eT/vlxtPjuBbHl3Y/q+dwR8H4ebGtxy/qidQP+T/amqf80bmuGamuqT+p5Z9Q6XoGzTXemfg4Gc041szOPuWY3+eQtk2uefqS6toPDw0V1JHtzmJ+Vip/02fDA3e9uf3hkaL8dZWYXymV/92qwz/duf3lFwvzn0v51VL5V+5rHFt1cNuywvszle5PrVT+3Uc+embJOfeMF9a/K+XXS+VfP3G4f7C1b39h/SvS/VlQKv+b6275/vUv9xwtzA8pv1Eqf+3Eg8/2j7YuK8zfn+5Ps9z6+Xn86q9GR38cK8r/IuUPlsp/bfPOa19ZtGNl4fyuTvdnqFT+bRfv3TrQ2nNh0bMz23Wm/nMC/D8tjr+xnor99nvmwXC675nz1fW+8MJYrf2bbyB+Bs/kiXKmz7Pwb8wHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD/YgQMSAAAAAEH/X7cjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgqQAAAP//STwk1A==")
program crashed: KASAN: use-after-free Read in bch2_check_dirents
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_check_dirents
simplifying C reproducer
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_check_dirents
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_check_dirents
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
testing compiled C program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:false Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: no output from test machine
a never seen crash title: no output from test machine, ignore
reproducing took 1h12m57.913868809s
repro crashed as (corrupted=false):
bcachefs (loop3): check_dirents...
dirent points to missing inode:
u64s 8 type dirent 4096:6728544935518790663:U32_MAX len 0 ver 0: lost+found� -> 4097 type dir, fixing
==================================================================
BUG: KASAN: use-after-free in check_dirent fs/bcachefs/fsck.c:2443 [inline]
BUG: KASAN: use-after-free in bch2_check_dirents+0x2bdc/0x3ef0 fs/bcachefs/fsck.c:2468
Read of size 1 at addr ffff888045163070 by task syz-executor112/9064
CPU: 0 UID: 0 PID: 9064 Comm: syz-executor112 Not tainted 6.14.0-rc2-next-20250214-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:410 [inline]
print_report+0x16b/0x5a0 mm/kasan/report.c:510
kasan_report+0x143/0x180 mm/kasan/report.c:623
check_dirent fs/bcachefs/fsck.c:2443 [inline]
bch2_check_dirents+0x2bdc/0x3ef0 fs/bcachefs/fsck.c:2468
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x2c5c/0x3e00 fs/bcachefs/recovery.c:973
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xdb7/0x17a0 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1759
do_new_mount+0x2be/0xb40 fs/namespace.c:3659
do_mount fs/namespace.c:3999 [inline]
__do_sys_mount fs/namespace.c:4210 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4187
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa63d0b0c8a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdb81a9238 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffdb81a9250 RCX: 00007fa63d0b0c8a
RDX: 0000400000000000 RSI: 0000400000000040 RDI: 00007ffdb81a9250
RBP: 0000400000000000 R08: 00007ffdb81a9290 R09: 0000000000005956
R10: 0000000001000001 R11: 0000000000000282 R12: 0000400000000040
R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffdb81a9290
</TASK>
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45163
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 5, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 9064, tgid 9064 (syz-executor112), ts 495068659526, free_ts 499373934615
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1629
prep_new_page mm/page_alloc.c:1637 [inline]
get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3555
__alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4817
__alloc_pages_noprof+0xa/0x30 mm/page_alloc.c:4851
__alloc_pages_node_noprof include/linux/gfp.h:265 [inline]
alloc_pages_node_noprof include/linux/gfp.h:292 [inline]
___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4253
__kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4280
__do_kmalloc_node mm/slub.c:4296 [inline]
__kvmalloc_node_noprof+0x71/0x580 mm/slub.c:4987
btree_bounce_alloc fs/bcachefs/btree_io.c:124 [inline]
bch2_btree_node_read_done+0x380b/0x6180 fs/bcachefs/btree_io.c:1223
btree_node_read_work+0x6e2/0x1380 fs/bcachefs/btree_io.c:1359
bch2_btree_node_read+0x243c/0x2a00
__bch2_btree_root_read fs/bcachefs/btree_io.c:1790 [inline]
bch2_btree_root_read+0x626/0x7b0 fs/bcachefs/btree_io.c:1812
read_btree_roots+0x3d3/0xa70 fs/bcachefs/recovery.c:581
bch2_fs_recovery+0x2623/0x3e00 fs/bcachefs/recovery.c:928
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xdb7/0x17a0 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1759
page last free pid 9064 tgid 9064 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1205 [inline]
__free_pages_ok+0xbbf/0xe40 mm/page_alloc.c:1349
__folio_put+0x2b3/0x360 mm/swap.c:112
folio_put include/linux/mm.h:1457 [inline]
free_large_kmalloc+0xfe/0x180 mm/slub.c:4742
kfree+0x212/0x430 mm/slub.c:4810
btree_bounce_free fs/bcachefs/btree_io.c:112 [inline]
btree_node_sort+0x1100/0x1830 fs/bcachefs/btree_io.c:380
bch2_btree_post_write_cleanup+0x11a/0xa70 fs/bcachefs/btree_io.c:2484
bch2_btree_node_prep_for_write+0x345/0x660 fs/bcachefs/btree_trans_commit.c:93
bch2_trans_lock_write+0x627/0xb10 fs/bcachefs/btree_trans_commit.c:129
do_bch2_trans_commit fs/bcachefs/btree_trans_commit.c:839 [inline]
__bch2_trans_commit+0x31ec/0x9c80 fs/bcachefs/btree_trans_commit.c:1047
bch2_trans_commit fs/bcachefs/btree_update.h:183 [inline]
check_dirent fs/bcachefs/fsck.c:2438 [inline]
bch2_check_dirents+0x292f/0x3ef0 fs/bcachefs/fsck.c:2468
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x2c5c/0x3e00 fs/bcachefs/recovery.c:973
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xdb7/0x17a0 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1759
Memory state around the buggy address:
ffff888045162f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888045162f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888045163000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff888045163080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888045163100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
final repro crashed as (corrupted=false):
bcachefs (loop3): check_dirents...
dirent points to missing inode:
u64s 8 type dirent 4096:6728544935518790663:U32_MAX len 0 ver 0: lost+found� -> 4097 type dir, fixing
==================================================================
BUG: KASAN: use-after-free in check_dirent fs/bcachefs/fsck.c:2443 [inline]
BUG: KASAN: use-after-free in bch2_check_dirents+0x2bdc/0x3ef0 fs/bcachefs/fsck.c:2468
Read of size 1 at addr ffff888045163070 by task syz-executor112/9064
CPU: 0 UID: 0 PID: 9064 Comm: syz-executor112 Not tainted 6.14.0-rc2-next-20250214-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:410 [inline]
print_report+0x16b/0x5a0 mm/kasan/report.c:510
kasan_report+0x143/0x180 mm/kasan/report.c:623
check_dirent fs/bcachefs/fsck.c:2443 [inline]
bch2_check_dirents+0x2bdc/0x3ef0 fs/bcachefs/fsck.c:2468
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x2c5c/0x3e00 fs/bcachefs/recovery.c:973
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xdb7/0x17a0 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1759
do_new_mount+0x2be/0xb40 fs/namespace.c:3659
do_mount fs/namespace.c:3999 [inline]
__do_sys_mount fs/namespace.c:4210 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4187
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa63d0b0c8a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 ee 08 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffdb81a9238 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffdb81a9250 RCX: 00007fa63d0b0c8a
RDX: 0000400000000000 RSI: 0000400000000040 RDI: 00007ffdb81a9250
RBP: 0000400000000000 R08: 00007ffdb81a9290 R09: 0000000000005956
R10: 0000000001000001 R11: 0000000000000282 R12: 0000400000000040
R13: 0000000000000004 R14: 0000000000000003 R15: 00007ffdb81a9290
</TASK>
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45163
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 5, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 9064, tgid 9064 (syz-executor112), ts 495068659526, free_ts 499373934615
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1f4/0x240 mm/page_alloc.c:1629
prep_new_page mm/page_alloc.c:1637 [inline]
get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3555
__alloc_frozen_pages_noprof+0x292/0x710 mm/page_alloc.c:4817
__alloc_pages_noprof+0xa/0x30 mm/page_alloc.c:4851
__alloc_pages_node_noprof include/linux/gfp.h:265 [inline]
alloc_pages_node_noprof include/linux/gfp.h:292 [inline]
___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4253
__kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4280
__do_kmalloc_node mm/slub.c:4296 [inline]
__kvmalloc_node_noprof+0x71/0x580 mm/slub.c:4987
btree_bounce_alloc fs/bcachefs/btree_io.c:124 [inline]
bch2_btree_node_read_done+0x380b/0x6180 fs/bcachefs/btree_io.c:1223
btree_node_read_work+0x6e2/0x1380 fs/bcachefs/btree_io.c:1359
bch2_btree_node_read+0x243c/0x2a00
__bch2_btree_root_read fs/bcachefs/btree_io.c:1790 [inline]
bch2_btree_root_read+0x626/0x7b0 fs/bcachefs/btree_io.c:1812
read_btree_roots+0x3d3/0xa70 fs/bcachefs/recovery.c:581
bch2_fs_recovery+0x2623/0x3e00 fs/bcachefs/recovery.c:928
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xdb7/0x17a0 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1759
page last free pid 9064 tgid 9064 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1205 [inline]
__free_pages_ok+0xbbf/0xe40 mm/page_alloc.c:1349
__folio_put+0x2b3/0x360 mm/swap.c:112
folio_put include/linux/mm.h:1457 [inline]
free_large_kmalloc+0xfe/0x180 mm/slub.c:4742
kfree+0x212/0x430 mm/slub.c:4810
btree_bounce_free fs/bcachefs/btree_io.c:112 [inline]
btree_node_sort+0x1100/0x1830 fs/bcachefs/btree_io.c:380
bch2_btree_post_write_cleanup+0x11a/0xa70 fs/bcachefs/btree_io.c:2484
bch2_btree_node_prep_for_write+0x345/0x660 fs/bcachefs/btree_trans_commit.c:93
bch2_trans_lock_write+0x627/0xb10 fs/bcachefs/btree_trans_commit.c:129
do_bch2_trans_commit fs/bcachefs/btree_trans_commit.c:839 [inline]
__bch2_trans_commit+0x31ec/0x9c80 fs/bcachefs/btree_trans_commit.c:1047
bch2_trans_commit fs/bcachefs/btree_update.h:183 [inline]
check_dirent fs/bcachefs/fsck.c:2438 [inline]
bch2_check_dirents+0x292f/0x3ef0 fs/bcachefs/fsck.c:2468
bch2_run_recovery_pass+0xf0/0x1e0 fs/bcachefs/recovery_passes.c:226
bch2_run_recovery_passes+0x2ad/0xa90 fs/bcachefs/recovery_passes.c:291
bch2_fs_recovery+0x2c5c/0x3e00 fs/bcachefs/recovery.c:973
bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
bch2_fs_get_tree+0xdb7/0x17a0 fs/bcachefs/fs.c:2203
vfs_get_tree+0x90/0x2b0 fs/super.c:1759
Memory state around the buggy address:
ffff888045162f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888045162f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888045163000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff888045163080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff888045163100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================