Extracting prog: 2m34.359319563s
Minimizing prog: 30.29µs
Simplifying prog options: 0s
Extracting C: 43.985559578s
Simplifying C: 19m16.833689109s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
detailed listing:
executing program 0:
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x10, &(0x7f0000000480)=ANY=[@ANYRES32=0x0], 0xff, 0x5943, &(0x7f0000006bc0)="$eJzs3W2QXFXdIPBzu3synZm8TAI8RJDJEMjz8ICaCW+FYml0fStAKhaWEjYKA5lgNAmpJAgElOCCCwVYaGkp6ge0kFo0WlTBKpESedmEVZRidaktpFZ30Q9uIUtKIEtZrvPUTN/T03On79yenp68wO9Xmbl9T5/+n3PvPX37/k93pgMAAABvCHtv2rb//GPe/8svDL96/Yd+uumG0FseK6/GCn3p8uqD1UMOpO7KkrFldlz8y7Xf/9PAZe/9xX0933ttz7rj1//ufUdc9tCnz9l957cefWX+A/94vihuHE8nj68nLyYhVH+272tf3PPk0aNlSQihHEo7Q1iULH50UZIJMfi3EMK6dGVJ5s77Xz1t/ejyhlu7J5QvzNQz3t/Yquk427H/qlPC79+z5sZfL/3RD7t2vbBzvEpSbRhPISy4pPHxXSGEuenPqDja4niMg3Z1CKGn4XFnFfTrhBb7vyJn/dh0OSdd9hbEifcvy6yXMvWy61FXZtlT0N5M5fWj3XpF5mXWsyejmcrrZyxflC5/ki5Pnmb8cvxJQikJlXr3NybjYyQ0HLckJGPHslpfL9WPbUi3P7OeZNZLmfVyV2a7xtpNB1o5SSaWx3qZ8ng6rqTlxzeeq5u4IKf8Temymj5RX4vrIXujpnfSjfp2jYn92jdFXw6EUsM5qFl5/cCnB6M3LetNFk96zEgT8b49a25bXl772N6+nH4k9yVp/KSt+Dt+tWjeJ39wy5XZ1/V6/EtKafxSW/H/cO5TL110y3e/mRv/jhi/3Fb8Ux/uefHcx29alrt/9sX9U2kr/tDzT9y+9MhLd+X2/64Yv9pW/FW7n+qev//hR3L7Pxj3z9y24j939gf+eO8zD76QGz/E+D1txV+7e8uXuvv3n5Qb/5G4f3rbGz8v7zrz2f7+P+e9ECRPx/jz24p/z84733H3wlvPyT2+q+P+6Wsr/nknPnTjvP0PHpd37kzu6tQrJ8Ab0xHpNdbN6Xq7eeZMNeQL3xio1K755qU/8zvZUObic7SdBZ2MDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhKNO+a8f/N8f63uxkq53pzeeK9WWsXxOCMncEMK27UNbt2/YfPnAp6+4cuvmoY0DQ9sHhjdv33rNwOlvGdg6vGXj0DWj9w6+9bTa4xaHpLZMjpvUdvfIyEipb2JZbO/fnbjr98vP+j9/CWHwqN/2V3L7v+LOTXcf2eR3RrJq5N2brjz/t2d8J92uvrRffU36NTIyMhJy+vV/L/z73V/Z96eTQhj8p6n69cRz7/r5hA6NFYzHSZW6Q61D3UlP037Ue532J+6vyvoNG4cHp96/o48v52zHv7/2hb+tv/rLf6/t32rudrS4f+euGtlY+vqa8/7/16+rFRT162Ad96L9Hbci9i/uv2q6vxek27UgZ7sqOdt1068feeZnx9zyys4wWHl56eS2i7arKx0AXcmbWmo3ttCTLJpQXk3rxyMeH7di+6YtK7Zds+OtGzYNXT58+fDmt688feWZg2ececaKsS1f0eHtj+3/c4vbf2DG08LP7vxJ/N3aeCrqV9H+GO1X8f5o7FHe86/ngi9+9e13Pn5+raBonMfa9fNJuuwZPc4rQ8N4m7yvmm1X0X4IIQw02w8vvXJOOPp/bLix6DzUeGQaf2ckq0aeXPbX75z17SXvrBUckPN8Y4faPM/Xez3en7H9VU2Px8ghun+7Qzndrt6m/Vr55ONdt+39y+fq/ZszJ1w9tH371pW13/PSns5Ljm3ar2xp3K6lY7/LId0toT5Mm4zXUV2h1r/s+TNWz+7V3vS+3mRx0+3KivftWXPb8vLax/bm7enkvlqLc8P82jJ5c07NjZkHlusdbtb+ofr8Kxof/R/89gMfe+DHp08aH6fWfhdtV5KzXT965p6vfu/L//HHnduuD77rqb6//s9PLa8VHPLnlXKtI/Vep/1JGs8rp4ZQ9PxbGppvR+7zr9R8e4qef9l2xus3jzeQWe8N5baer6c+3PPiuY/ftCz3+bqv1efrdRPWygXP10Nl/GSfX0llYj9m7/k1YaAkq0Z+cfMROx+9fvUxtYKi18t67Wbj+rQW8o+c7fr5Rc/2XzHwH/57584b33/L/Rf/bmjV52sF7R/32JfOHPdqun+rOfu33uuYdzbu37dddsXGdbXyQ/f6N10W5D/xVLLtmh2fGdq4cXjrtta2q9XX09hOdi+3+3oaz26LC7arNGm7Zu9GK/ur1edb7P+6tvfXxOdbb0jael3Y8atF8z75g1uu7Jv0qLShS0pp/FJb8f9w7lMvXXTLd7+ZG/+OGL/SVvyh55+4femRl+7KjX9XksavthV/1e6nuufvf/iR3PiDsf9z24r/3Nkf+OO9zzz4Qm78EOP3trf/X9515rP9/X/Ojf90krYzeo0Uwv2vnra+tp6ErvT5FvvRNaFfIbueZNZLmfVy43qpNtdab6CcJBPLY720/PiGvjTz8ZzyeBVWXVJbvhbXQ/bG1OWHmlLDub9ZedF1KgDA6118/z9eg8b3/4fTC6X8mQYYN9M8bElO3JiHjc/nzJlw/5I0fnx8nAfsf1sYHF3eMFC70J/u+wjx+ZCd54ztnHTCxBjtznMWzb8vy6zHftXmyysNeWhqcl5TCS3Mv09uZ+r598zmF8+PD9w8qVsDDfNW2ePXlc6YNfu8Q6a/ldEIeeMjOy8WP8/RvyCsHmuvxfGR/RxNPA7Zz9HEdo7JnDjb/RzNTMdH7PYU42Osy8Xvb0w+fmGK/Tt+/JpHyx6/aRzv6mj92X5/tgPzhk1PaQdu3nB23w8zL5kTP32CHerzhrE8bkelxfnEj+WUd2o+MZ4uYr/2TdGXA8F8IvB6FfP/+Boxmv+PXoD/v0y9ouvQ7FVjjJf7OaFy8/4U5R2TP6fX09br+NrdW77U3b//pNzrnEda/dzPlglrPQWf+ynaj8sz64X7MWeCpijfy7ZTtN+zn8voDfPb2u/37LzzHXcvvPWc3P2+uvZCWrzfvzphbX7Bfj8M8oXm8eULb4h8Ybbnzw5aPpJ+8Gm28pGP5pRPNx/pmXSjvl1jDt18ZPyFdEI+0nVg+wUAHD5i/l9//yzN//9XrJBeRxTlrSdn1mO83Lw15/okL2/9cLq8OlO/N/0fFdO9bj7vxIdunLf/weNy85a7Ws1D/9OEtb7CPHRmeXNuHrG6M58Xz80j6nnWzPLE3P7X88SZ5em58et5+szy6Nz9U8+jZzYPkBu/Pg9wuOe5BfN1mcbiaqvzdQclj14wcTtnJY9O//vsbOXRF+SUTzeP7p10o75dYw7dPHpiuTwaAHi9ivl/vIyL+f/jmXozfZ89Ny/o0HV79u+B1OM/faDyytnO+2Y7b53tvH625yUO97x4tueFZnee7KC9v3yo5MVpo/JiAAAOZTH/n5uu5+f/M8tPmuVvXRPyk8MvP2+sJz/Pif+6yc8P9/kv+b/3xYvJ/wEAXt9i/h//22P8+3//JV3P/t36wzFPD95Hl6cfNnl65+fZgs8BHNx5gLnj9c0DAABwMHSNZUqT/5/9J9Jl9v/Z5/2//Ity6reqkl4eX7p96/DwxVduWTe0ffjizVesG9528VVbN2zfPry5Vm+meWNu3pLmjV2hku6P5vWyedvC9O8hLMz5ewjZ+jHssWM3Jv89hGyzcwv+jsD48Wutv3nHrzRF/WbjI+9458X/eE79qH78L/vUqRev33bxhs0btm8Y2rhhx/DEeqNZa880vjczSX+m9X2pmV+TlKb//Z3x8MysH6VJ/ehK90fe97MnmX4sSnuyKO/7D3L6/cv/9pXPnjjy93tDGDyq/OYZ7b9k1ch/vnD4w9v3/nbLaP9LU/a/XjPtV9H3lWbrx+2pbLxi2/ZT1l9x5ebsN0q2J85nlOrrszSfkT79yy3OT6zNKZ/u5xTKk24cmlqenwAAYIL4/n+8no3vH345vYCK5a3n6TN7/zg3Tx9sLU/Pfi9ZUZ6erR+3t9U8vTrDPD3bflGe3qx+szw9L+/Oi//RnPrT1fo4mdnnPHLHySWtjZPs9xkUjZNs/emOk2SG4yTbftE4aVa/2TjJO+558T+SUz9P0Xio1MfDzD6Xkzse7mhtPPxrZr1oPGTrT3c8lGY4HrLtF42HZvWbjYe845sX//yc+q2aOD5GB8bYuBi++Kortn6mod5sf/9Fm/2bM96/2f3+j3a1vn9n93Nfs9//2f1c2ez3f2afK8vt/9Mzmwlrvf+z+/0uGXnVJz/+QM3XpmeCos+fFc3jrskpn+487pxJNw5N5nHh4In5f3y7J+b/t6bLTr8NdPh/T5rvMWsav0PfY1Z0HeP1fIrGDgFezwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABa011ZMrbce9O2/ecf8/5ffmH41es/9NNNN/zLtd//08Bl7/3FfT3fe23PuuPX/+59R1z20KfP2X3ntx59Zf4D/3i+MHDf2O/KyelqNYTkxSSE6s/2fe2Le548erQsCSGUk76dISxKFj+6KMlEGPxbCGFdvZ8T77z/1dPWjy5vuLV7QvnCTJDsdoXecuxPYz9DuLpwizgMVdNxtmP/VaeE379nzY2/XvqjH3btemHneJWk2jCeQlhwSePju0IIc9OfUXG0LYkPTperQwg9DY87q6BfJ7TY/xU568emyznpsrcgTrx/WWa9lKmXXY+6MsuegvZmKq8f7dYrMi+znj0ZzVReP2P5onT5k3R58jTjl+NPEkpJqNS7vzEZHyOh4bglIRk7ltX6eql+bEO6/Zn1JLNeyqyXuzLbNdZuOtDKSTKxPNbLlMfTcSUtP77xXN3EBTnlb0qX1fSJ+lpcD9kbNb2TbtS3a0zs174p+nIglBrOQc3K6wc+PRi9aVlvsnjSY0aaiPftWXPb8vLax/b25fQjuS9J4ydtxd/xq0XzPvmDW65ckhf/klIav9RW/D+c+9RLF93y3W/mxr8jxi+3Ff/Uh3tePPfxm5bl7p99cf9U2oo/9PwTty898tJduf2/K8avthV/1e6nuufvf/iR3P4Pxv0zt634z539gT/e+8yDL+TGDzF+T1vx1+7e8qXu/v0n5cZ/JO6f3vbGz8u7zny2v//PA3nxn47x57cV/56dd77j7oW3npN7fFfH/dPXVvzzTnzoxnn7Hzwu79yZ3NWpV06AN6Yj0musm9P1dvPMmWrIF74xUKld881Lf+Z3sqGM0XYWzGJ8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABen35z3emfuPDdH1lTSUJIcuqMNBHvK89ZtWqgjXaHnn/i9qVHXrqrsWxJG3EAAACAYjEPL9VLqmFJuCqZG45tWj/OERwb15KJ5dk5hBgnO0fQbpxSh+KUOxSn0qE4XR2KM6dDcbo7FKdaEKcaWoszd4o4ldFR0WJ/eqbsT+txejsUZ16H4szvUJwFHYqzsENx+qaM0/o4XNShOIs7FOeIDsU5skNxjupQnH/qUJyjOxQnO6c83XE4P615TF6csRvlwjiVpFy/o9l8+tFpO8fNsJ3egnbmF70et9jO3BbbOSHzuNI026m22M4/z7CdpMV2/nWG7ZQK2onj9ups/2I7ca3F8X9Nh+Ls6FCcazsU57oOxflch+J8vkNxrp9hHIBWxfx/PN/rC92Vd4ae9IyTnQWI+e7Ssd+TX+/yTkgx3psz5XOK4mUT9Uy8pdPtX3YCIRNvWaa8a0K8Sj0fmSJetTHe8sydU23v2aua960x3smZ8u4p4k3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4AH5z3emfuPDdH1kTkjD6r6mRJuJ95TmrVg200e6eNbctL699bG9jWXeljUAAAABAoZiHd9VLqqG7sjJ0J3Mm1Kum8wDVdL3cV1v2LwirR5fJQGlsvSdZNOXjKunjVmzftGXFtmt2vHXDpqHLhy8f3vz2laevPHPwjDPPWLF+w8bhwdrvELoL4oUQxqYftl2z4zNDGzcOb91WK8z2f0n6uCXpepI+rv9tYXB0eUPa/8UF7ZUmtTd7N4qPHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC/sWt3IXJddQDAz52ZnZluGzPSr2loNkM+StSqSdxKqqVzQbDQfJClIDPVtQSbYHHThDYpsY5twLYmKEJLIETyYCQWW4sv/bBF7AeBSI0G3BikLZoHfVBaraQlD5Iykt25szOzM511KN02/f0e7r3zP/9z/vfMw8L/7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA+2uyNjpeKY9Vh6MQoh459S6SsXQ2jksD1P3aczt+lBs5u7I1lssMsBAAAADQV9KHDzUj+ZDLpEM6XDX1aWloGQgzfT8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDRM1kbHa+Ux6oXRyFEPXLqXSRj6Wwclwaoe/qtJz7/ysjIP1pjxQHWAQAAAPpL+vBUM5IPxbAsDEVXteUlZwOLOuZ35iXrLJ5jXufZQa+8ZXPMu2aOeZ/ok7excd8dAAAA4MMv6f8zzUgh5DILevb//fr6JG9JR166cZ/7bwWyc84EAAAA3l3S/+eakWLIZYrNfn2u/f7Sjrxkfr//2yfzV/SY3+//+Rsad/+nBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAPj8na6HilPFZNRyFEPXLqXSRj6Wwclwaou+b54X+tO/rg0tZYLjPAQgAAAEBfSR8+03rnQy4zHIbCxVN9/8hNh576ylPPjIYQptv8bDbs3rxz511rpq9J3urjR4d+eOyN787KWz19nbcNAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA75nJ2uh4pTxWvSgKIeqRU+8iGUtn47g0QN3Xvvjlvz126tnXW2PFAdYBAAAA+kv68JnePx+KIRuy4YqpT629/nmpjvm9zgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAC8fd3773W5snJrbc5cGDBw/Nh/n+ywQAALzXloQo1P9PV26a77cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+CCZro+OV8lg1H4UQ9cipd5GMpbNxXBqgbvzcidyCs8+/2BorDrAOAAAA0F/Sh8/0/vlQDENhKFw+9anbmcBU/194H18SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+ECZrI2OV8pj1QVRCFGPnHoXyVg6G8elAeo+uufgF44s/MHNrbFcZoCFAAAAgL6SPjzbjORDLvPJkAtXNz5PtE+I0o1793OBmXk72qYNz3lerW1ees7z9nbsLNPYzfS8fLJeYfrenFeaPa/UMq8YmuVLbfPC/rZZC/q8ZwAAAIB5lPT/uWakEHKZXEuf+/O2/II+FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoYbI2Ol4pj1WjKISoR069i2QsnY3j0gB17/39xy/5+i/27WqNFQdYBwAAAOgv6cNnev98KIbF4WNh8VTfHwrt+Unevyvnjjzyn7+vDGHVFSdHMp3L/iR5+O1rN77QeQkh1Z6dCmFho17Uo97v/vjIPcvr5x4LYdXl6atn1QvvXq99ybj+dGXLhp3HTu7o8+UAAADABSLp/4eakULIZe7s2f8nnXef/r9pqgFfeM+eX13WuDY68o4ZqUKjXqpHvS8tf+KvK9b+843z/f/sep9uPn324LYjl7UVnI50iOJ6eduujSevO5xKdj1dP91RP/levvqd1/+7dffD56br50O+EV/U8SrT1WZfO8qHuD6ROlBd/86BWnv9TI/9P/iHF0/9ZtG+t8/Xf2vJcLP+NaFb/dadd93/RXF9+JaH9l9/8OjG9vohhFK3+m++fXO48s93PNC5/+GOhVu/+dZr5xcQ148vPXN47aHiDe31o476yff/y1OP7v/Zw99/Jqmf/FZk5bK51k911H9576V7Xrp/06L2+qke+3/h1ldGtpe+96fO/d/etmqm51vM3v/j1z5526ub4/s6hwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sk7XR8Up5rJqKQoh65NS7SMbS2TguDVD39LoTb96676c/bo0VB1gHAAAA6C/pw2d6/3wohmzIhuGpvv/pypYNO4+d3BEK06NR456Z2H73zk9t3b7rztvn6c0BAACAuTq9Lprq/zPNSCHkMsvDUKP/L2/btfHkdYdTSf+fOn+PQghb75jYsio0817ee+mel+7ftKh5ThDC1M8C8ufzPjeTd9ONJwpn/vLNFV3z1szkHV965vDaQ8UbkrzQmrc6NM8nHr/2ydte3Rzf13y/1rzPfGP7RON4Ill3+JaH9l9/8OjGVHKO0bgPN9ZN8iZSB6rr3zlQS/LSjXu+sW8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYLbJ2uh4pTxWDekQoh459S6SsXQ2jksD1F2//NcPXHL22cWtsVxmgIUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPgfO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdivn9A4yj4O4M+zm7zZZpM2aV8wKqZpVZR6sCiI6EVFRVqRgqdKkWprD6IgiCj1YCqtWKriRbB6KaKCGqWgYGOxtEoq/itePKigUD0IpRjQLsWDSnaf2W6mO65OqqB+PjA8eZ6Z+c5v5nl2NgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCPMtA31mwP77i/ccs5N3z06F0nHrnpnXu3XfTwq99NbLruw72DL52c2bxiy5fXL9u0/+4107ufP/TT8Fu/HO0Z/FCrWZW6tRDi8RhC7d3ZZx6b+fisubEYQqjGkckQRuPSQ6Mxl7D65xDC5nad83e+eeLyLXPttl0D88aX5ELy9xXq1ayelpH59fLvUkvrbGvjwUvC19eu3/7p8jde7586NnnqkFjrWE8hLN7YeX5/CGFR2uZkq20sOzm160IIgx3nXdmjrvP/YP2XFvTPTe3/UlvvkZPtX5nrV3LH5fuZ/lw72ON6C1VUR9njehnK9fMvo4UqqjMbH03t26ld9Sfzq9kWQyWGvnb598RTayR0zFsMsTmXtXa/0p7bkO4/14+5fiXXr/bn7qt53bTQqjHOH8+Oy41nr+O+NL6i813dxa0F42entpY+qCezfsj/0VI/7Y/2fTVldc3+Ti1/h0rHO6jbeHvi02TU01g9Lj3tnF+7yPbNrH/iwuqG9w6PFNQR98aUH0vlb/1kdOj213Y+MFaUv7GS8iul8r9Ze+SH23a+8Fxh/tNZfrVU/mUHBo+vfX/HysLnM5s9n75S+Xcc/eDJ5f+/c6rbXDfz92T5tVL510wfGRhuHDhYWP/q7PksKpX/1dU3fvvK5/uOFeaHLH+wVP6G6fueGhhvXFyYf7D1Uag3V2iJ9fPj1BVfjI9/P1GU/1n2/Ie75Mee+S9P7r7qxSW71hSuz3XZ8xkpVf/NF+zfPtTYd17RuzPuOVPfnAD/TcvS/1iPp37Z35kL1fF74dmJvtY30FDahs/khXLmrrP4L8wHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgN3bggAQAAABA0P/X7QgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgqQAAAP//0IQqQw==")
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
single: successfully extracted reproducer
found reproducer with 1 syscalls
minimizing guilty program
extracting C reproducer
testing compiled C program (duration=57.644990541s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
simplifying C reproducer
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program did not crash
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_btree_node_read_done
a never seen crash title: KASAN: slab-use-after-free Read in bch2_btree_node_read_done, ignore
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:false NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_btree_node_read_done
a never seen crash title: KASAN: slab-use-after-free Read in bch2_btree_node_read_done, ignore
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: slab-use-after-free Read in bch2_btree_node_read_done
a never seen crash title: KASAN: slab-use-after-free Read in bch2_btree_node_read_done, ignore
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:true UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
testing compiled C program (duration=57.644990541s, {Threaded:false Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:false NetReset:false Cgroups:true BinfmtMisc:false CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:true HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bcachefs
program crashed: KASAN: use-after-free Read in bch2_btree_node_read_done
reproducing took 22m35.17866317s
repro crashed as (corrupted=false):
node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing
bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=alloc level=0 SPOS_MAX due to error
==================================================================
BUG: KASAN: use-after-free in bch2_btree_node_read_done+0xfbe/0x5e90 fs/bcachefs/btree_io.c:1087
Read of size 8 at addr ffff88807eb8c010 by task syz-executor280/5832
CPU: 0 UID: 0 PID: 5832 Comm: syz-executor280 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
bch2_btree_node_read_done+0xfbe/0x5e90 fs/bcachefs/btree_io.c:1087
btree_node_read_work+0x68b/0x1260 fs/bcachefs/btree_io.c:1323
bch2_btree_node_read+0x2433/0x2a10
__bch2_btree_root_read fs/bcachefs/btree_io.c:1749 [inline]
bch2_btree_root_read+0x617/0x7a0 fs/bcachefs/btree_io.c:1771
read_btree_roots+0x296/0x840 fs/bcachefs/recovery.c:523
bch2_fs_recovery+0x2585/0x39d0 fs/bcachefs/recovery.c:853
bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037
bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2170
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3507
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4057 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f783aeb67ea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffa7a8d5a8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f783aeb67ea
RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007fffa7a8d600
RBP: 0000000000000004 R08: 00007fffa7a8d640 R09: 000000000000593e
R10: 0000000000000010 R11: 0000000000000282 R12: 00007fffa7a8d640
R13: 0000000001000000 R14: 0000000000000003 R15: 0000000000000010
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eb8c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 ffffea0001fae508 ffff8880b86447e0 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x452cd0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 5832, tgid 5832 (syz-executor280), ts 62141782614, free_ts 62376917459
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1556
prep_new_page mm/page_alloc.c:1564 [inline]
get_page_from_freelist+0x363e/0x3790 mm/page_alloc.c:3474
__alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4751
__alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4209
__kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4236
__do_kmalloc_node mm/slub.c:4252 [inline]
__kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4270
__kvmalloc_node_noprof+0x72/0x190 mm/util.c:658
btree_node_data_alloc+0xdb/0x260 fs/bcachefs/btree_cache.c:153
__bch2_btree_node_mem_alloc+0x1d8/0x3e0 fs/bcachefs/btree_cache.c:198
bch2_fs_btree_cache_init+0x26f/0x630 fs/bcachefs/btree_cache.c:653
bch2_fs_alloc fs/bcachefs/super.c:917 [inline]
bch2_fs_open+0x2aa4/0x2f80 fs/bcachefs/super.c:2065
bch2_fs_get_tree+0x738/0x1710 fs/bcachefs/fs.c:2157
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3507
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4057 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
page last free pid 5832 tgid 5832 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1127 [inline]
free_unref_page+0xded/0x1130 mm/page_alloc.c:2657
__folio_put+0x2c7/0x440 mm/swap.c:112
folio_put include/linux/mm.h:1490 [inline]
free_large_kmalloc+0x105/0x1c0 mm/slub.c:4698
kfree+0x21c/0x440 mm/slub.c:4721
btree_bounce_free fs/bcachefs/btree_io.c:112 [inline]
bch2_btree_node_read_done+0x3c8a/0x5e90 fs/bcachefs/btree_io.c:1209
btree_node_read_work+0x68b/0x1260 fs/bcachefs/btree_io.c:1323
bch2_btree_node_read+0x2433/0x2a10
__bch2_btree_root_read fs/bcachefs/btree_io.c:1749 [inline]
bch2_btree_root_read+0x617/0x7a0 fs/bcachefs/btree_io.c:1771
read_btree_roots+0x296/0x840 fs/bcachefs/recovery.c:523
bch2_fs_recovery+0x2585/0x39d0 fs/bcachefs/recovery.c:853
bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037
bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2170
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3507
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4057 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
Memory state around the buggy address:
ffff88807eb8bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff88807eb8bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88807eb8c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff88807eb8c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88807eb8c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
final repro crashed as (corrupted=false):
node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing
bcachefs (loop0): btree_node_read_work: rewriting btree node at btree=alloc level=0 SPOS_MAX due to error
==================================================================
BUG: KASAN: use-after-free in bch2_btree_node_read_done+0xfbe/0x5e90 fs/bcachefs/btree_io.c:1087
Read of size 8 at addr ffff88807eb8c010 by task syz-executor280/5832
CPU: 0 UID: 0 PID: 5832 Comm: syz-executor280 Not tainted 6.12.0-syzkaller-08446-g228a1157fb9f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:377 [inline]
print_report+0x169/0x550 mm/kasan/report.c:488
kasan_report+0x143/0x180 mm/kasan/report.c:601
bch2_btree_node_read_done+0xfbe/0x5e90 fs/bcachefs/btree_io.c:1087
btree_node_read_work+0x68b/0x1260 fs/bcachefs/btree_io.c:1323
bch2_btree_node_read+0x2433/0x2a10
__bch2_btree_root_read fs/bcachefs/btree_io.c:1749 [inline]
bch2_btree_root_read+0x617/0x7a0 fs/bcachefs/btree_io.c:1771
read_btree_roots+0x296/0x840 fs/bcachefs/recovery.c:523
bch2_fs_recovery+0x2585/0x39d0 fs/bcachefs/recovery.c:853
bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037
bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2170
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3507
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4057 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f783aeb67ea
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 3e 06 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fffa7a8d5a8 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f783aeb67ea
RDX: 00000000200000c0 RSI: 0000000020000180 RDI: 00007fffa7a8d600
RBP: 0000000000000004 R08: 00007fffa7a8d640 R09: 000000000000593e
R10: 0000000000000010 R11: 0000000000000282 R12: 00007fffa7a8d640
R13: 0000000001000000 R14: 0000000000000003 R15: 0000000000000010
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eb8c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 ffffea0001fae508 ffff8880b86447e0 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as freed
page last allocated via order 2, migratetype Reclaimable, gfp_mask 0x452cd0(GFP_KERNEL_ACCOUNT|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_RECLAIMABLE), pid 5832, tgid 5832 (syz-executor280), ts 62141782614, free_ts 62376917459
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1556
prep_new_page mm/page_alloc.c:1564 [inline]
get_page_from_freelist+0x363e/0x3790 mm/page_alloc.c:3474
__alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4751
__alloc_pages_node_noprof include/linux/gfp.h:269 [inline]
alloc_pages_node_noprof include/linux/gfp.h:296 [inline]
___kmalloc_large_node+0x8b/0x1d0 mm/slub.c:4209
__kmalloc_large_node_noprof+0x1a/0x80 mm/slub.c:4236
__do_kmalloc_node mm/slub.c:4252 [inline]
__kmalloc_node_noprof+0x2d2/0x440 mm/slub.c:4270
__kvmalloc_node_noprof+0x72/0x190 mm/util.c:658
btree_node_data_alloc+0xdb/0x260 fs/bcachefs/btree_cache.c:153
__bch2_btree_node_mem_alloc+0x1d8/0x3e0 fs/bcachefs/btree_cache.c:198
bch2_fs_btree_cache_init+0x26f/0x630 fs/bcachefs/btree_cache.c:653
bch2_fs_alloc fs/bcachefs/super.c:917 [inline]
bch2_fs_open+0x2aa4/0x2f80 fs/bcachefs/super.c:2065
bch2_fs_get_tree+0x738/0x1710 fs/bcachefs/fs.c:2157
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3507
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4057 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
page last free pid 5832 tgid 5832 stack trace:
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1127 [inline]
free_unref_page+0xded/0x1130 mm/page_alloc.c:2657
__folio_put+0x2c7/0x440 mm/swap.c:112
folio_put include/linux/mm.h:1490 [inline]
free_large_kmalloc+0x105/0x1c0 mm/slub.c:4698
kfree+0x21c/0x440 mm/slub.c:4721
btree_bounce_free fs/bcachefs/btree_io.c:112 [inline]
bch2_btree_node_read_done+0x3c8a/0x5e90 fs/bcachefs/btree_io.c:1209
btree_node_read_work+0x68b/0x1260 fs/bcachefs/btree_io.c:1323
bch2_btree_node_read+0x2433/0x2a10
__bch2_btree_root_read fs/bcachefs/btree_io.c:1749 [inline]
bch2_btree_root_read+0x617/0x7a0 fs/bcachefs/btree_io.c:1771
read_btree_roots+0x296/0x840 fs/bcachefs/recovery.c:523
bch2_fs_recovery+0x2585/0x39d0 fs/bcachefs/recovery.c:853
bch2_fs_start+0x356/0x5b0 fs/bcachefs/super.c:1037
bch2_fs_get_tree+0xd68/0x1710 fs/bcachefs/fs.c:2170
vfs_get_tree+0x90/0x2b0 fs/super.c:1814
do_new_mount+0x2be/0xb40 fs/namespace.c:3507
do_mount fs/namespace.c:3847 [inline]
__do_sys_mount fs/namespace.c:4057 [inline]
__se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4034
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
Memory state around the buggy address:
ffff88807eb8bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff88807eb8bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88807eb8c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff88807eb8c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff88807eb8c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================