program: r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x880, &(0x7f00000001c0), 0x0, 0x55da, &(0x7f0000010240)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/9ppumaeNENOMkHTWgGWkaW8MwOAbNQ6MhNLPGcZPRQKBBpBHCYxVEbUCdcYif8bWzZqIjKIjsqh9iXA0GI7qIGWUSxcQH4GMdXdf1PSox6oT9dN86RdWtLruQh+B8v390narfed569D333joFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/DHcf/uI3hyyY9Q/vN5590arqKQv/R+eoS/5wxXc++8Q/Ll34b2HeL4efvmXuYecfP2/+1H/pXLbqmNNCaOsuV5YUL3vmsi8+2Lbf8U/fNmDjjOtvbthSnak3Ew99u/6UZ+5cGFt9vl8Id5aFUJkODK5PAlWZ+/WxvgPrQ9gnbAtkS7TXJSXSDYf7a0NYHLYFslWtqg0VISdw8ob77rm0K3FVbQhfCCHUpNt4qiZpozYdGFidBOrSgWmVSeB3WxPZwM/KkwDssPhmyL7oV7blZ2jsuVyR11/VTuvYxys9vIqYaCye79Vjd3GnclSnH2jboaetoDp2iYK3xxrvtq7hrd+ad39Pe7cVbOfLPG25O1KZPZScJ7EmlE9onzhudses+Eh5aG6uKFbTLnqen3xz3vjtSe/pn/oF/6wbd8rr8OJHlk/ru3TUxVdu/vXoDWfUHrKj3XwiZ5Pmpne1mpB5ze01z2M08mP8PKnZodI7057+tBXsJTXZ6QohbD37zOlfnT3hzGMqbnp87csPPFC/5czZ8395+oRzFl74rQ3/Pu+Fgvl/44fP/+PLOd6W5+WOrb7fkMzN4yP1MfF6Q9cdAAAA2IvsDUdNV5z76l+9+sM1bTMWnvrdNw4/+/392n4z/L7+1Ye8tra57dyNn36pYP7fVNr5/3jKvz53tGtCGNmdWNg/hP27H08CK2J3vt8/hM93p9ryA8emAmtCOKA7cVi2qlSJPrFEUyrwYkMmMDIVWBcDbanAshi4LBW4MAZWpgLjY2BNKnBcDITJ+eP4YkNmHDFQWSwQS9TGwNhkI66MVyG81RBbS22rTdmqAAAAdpLM7LAq/27OtQ47miFOL1fW9pYhXoHdY4au0jXl+TWkZ7DZaVXRJipDLzWU91ZDdtydHz78gprLequ54DKMsvwM16/+y3sWPn/UZ8bsN+HTi4acN/kX48IZb95Z/WjL4uffOPCYG9cWzP9bPnz+X9NDR8oKzv+HMKb7b8xdnol0ZONj2/IyAAAAADvggj/+i33qXhx8SOOmd8vunrfmsYeX/2rzPief+u7YE1798dG1TXcXzP9Hlnb9fzwmUpGTOayPhyGm9A+hJT+QVDuiMJCc9e6bCQAAAMAep4ez19nz8dlz4ZMzt8kl2un5dGH+tu3MH0/8j+wx/wd3/c+627b+6/Nl533/7OG1/Zf808ud40/81nE3nfCdtw6oPORX5QXz/7bSrv+vy79NOrEu9uLK/iH0yQk8EHvZFejWFAPPfjk/kBn/urgBFsWqMhcmZKtaFEuMjYGWVGBxsRIPZ0vsnx/IPFnZxhdmxzE5UyInAAAAALtdPBwQz8vH6/9bTxt+yl//YObfLnjpgXNWnXfRXw3rnDfim/c9+X7jnMuXhE2vH1Mw/x+7fdf/d8+DCy7v7+gbwpDKECrSXwxYX5csDBgD9WWZxN11SV0V6aoW1IUwomtg6aqey6z/X5leY/DR2qSqGNj/oJveHNiVWFobwpDcwGPfXXJUV2J2KpBt/JTaED7XNdp043f0SRqvSjd+dZ8QPpsTyFY1vk8IXY1Vp6v6XzWZ3zFIV7WyJoR9cwLZqobVhDAnALC3iv9LJ+Q+OHPO3CnjOjraZ+zCRDyIXxsmTu5obx4/rWNCTZE+TUj1OW8do/mFYyr1p282ZdYoWrRiUlUp6eyplpbctjIH8guuHMzcjztDVd3jPKIq725resiHHlzYRMjZlSo25PJdPOS63Eq2PYkF9cf81aFv6DN7ZvuM5nPGzZo1Y2jyt9TsRyR/43mmZFsNTW+rup76VsLLo+hyWSkfdVsNzK1kyKyp04fMnDN38OSp4ya1T2o/q/XIP2sdPmzYl4YP6RpUS/K3l5EO7Knm1Ei3LilxWDtxpJ+pzKlkd3xoSEhI7G2Jg/7L5odG7bvurGt/8cpPz+37jVPu3v/LM3585BVTHqw58OhFtw4+tGD+Pz13/v9I5vNl2/w/furED/7M+gzFzv83xtP8yePbTvOPjYHFpZ7/byx2Nj97YUBTKtAZA51O8wMAAPDJEA9HxqOZ8aD05pvWrd24uHXOjxrfar15dceSG26459s/u33AiZ8bFPbbcM2JnyqY/3eW9v3/nbT+f3bp+hOLLfN/WCzRUmz9//Qy/9n1/zuLrf+fXuY/u/7/4t24/n8MzM4GUpvkLev/AwAAnwS7Z/3/kpb3r+ktQ6/L+6d/IKAgQ6/L+Jf6AwHbvf7/6gf++gvVfUff9ietv2246JW/u+uoti+v3TzjTz63dd2Ee64Zc9Pqgvn/ZaXN/y3cDwAAAHuO/3zJVZXHnXnnba1rp2wc+/qgtx9/Y/HAivcqj3uoY8RzA167+ZyC+f/i0ub/u3/9v1Ds+v+mYoG2YgsDWv8PAACAvVSx9f/uGtLa9IfR/f7w5NDfLnvgxlE/X3/vB8sOuvekX5QfMP9rz864ZGLB/H9lafP/eNlFeV7u2Jv3G5I17UJ6TbvXG7JfGQAAAIC9Q3lobq4qMW/ewqjHfvQ2n8wsBfph6Vw/eOnqMzc/N+34R09d+3e1Jw7ad/zU81Y2/c2wQ2//9MiL9l2y6dsF8/81pc3/876XcfEjy6f1XTrq4vev3Pzr0RvOqD1k2/l/AAAAYNcp9bgEAAAAAAAAAAAAAADw8Tu7c9H565d+7Z1v3PoXBx+z+OVBt9xx6O8H933hsivun7jytdMnfbXg+/9hTHe5Yt//j7/7F79f8Ed5uWOrva//l7l/8km3zulesnB9QwgH5wamLJiyT8j8Nv+g3MA9px02oCuxIF1i9dPHvdCV+F46cMLgT23pShydCoyNiyQekA7EX1Xc0i8ViMsrPpoOxO2xMh2ozgQu6ZeMoyy9rV6qT7ZVWXpbbawPoX9OILut7qxP2ihLD/CqVCA7wB+kA3GA38oEytO9urVv0qsYqI9Fr+ub9AoAgD1W3AusChMnd7S3xF34ePuZyvzbKG/JsvmF1ZaV2PymzNJki1ZMqiolXZHeF932W+NVoaZrCEMLdldzs5R1j3Ln1NLLpvujIkPubbW38iLl0rZ301UXH1FtMqLm8dM6JlT1OvDW3rMcUdlrlqEFk53cLOXdm7SEWkroSwkjKnHblNDleL88NDdXpHL9eQw2hjy9vSJS39e/tzBHInedv2Kvgtw8txx5+Ruf/8rPn3nvnz/9WL+vn1J768wfvn3Sb16979AjjrlmfPPqLQXz/8bS5v81uePakvkxgM74y3oj+ocwttgQAAAA4D+cWy64+bZTp617aeKayscfeWRK+ehTq7bOu33e3Is23r3ohEsOX76j8aPO+N0Pfzvo4H97+ooXfj7igPuvu/H/PH7Uo3/+wUM/efCt+hUVY94pmP83lTb/j0ewMqeCk6Mda+Lv/y/sH0L3T+s3JoEVcbjf7x/C57tTbbFE8oP6J8YSLUlgRTxgclgsMbYtv6o+MbAyFXixIRNYkwqsi4HMUYqbQuZQzuUNIRzVnRqTX2J6LNGYCoyOgaZUoDkGWlKBfjEwMhV4pV8m0JYKPBQDYXL+tvppv8y2AgAA2B6ZeVZV/t2QnuetrOwtQ1lvGep6y1DeW4aa3jIUG0W8f1vMUJW6eKUsJ1NVutbaVC0FGeKP4W93vwoyhIfzc6YLFjQdrz/IXm9Qlp/h8h89/e11g6Y9uGrzV7404JZ/HLzv4S3T6t+Zf90Tvxt91jXP/unAgvl/S2nz/7r826T1dXH+v+33/5LAA7F7V8ZLx5ti4Nkv5wcyBwbWxcnuomxVbZkSmUn7olhiZAw0pQLTY2BkKjB2TCaweEB+IDPTzja+MNv45EyJnAAAAADsdvEAQTxME+f/1x/7oyvf7T9hy9K5M+4b0/rYt0Z9/co7fnL3wUtvf3v5oP5j3/lewfx/ZGnz/9he39zGLoy9eb5fCHeWbetNNjC4PgnE4xj18evxB9aHsE/OAY5sifa6pER1quFwf23yDfXqdFWrapM1BuL9kzfcd8+lXYmrakP4Qs7Rl2wbT9UkbdSmAwOrk0BdOjCtMgnEIz/ZwM/KkwDssOxRwfiCylzqktXYc7kir79Pym+CpodXcAy0h3w9fedqV6lJP5A5ppq1fU9bQXXsEgVvjzXebXvju63Ruy13Ryqzh7J1W6gmlE9onzhudses+EjuN1kL7KLnOfdbqqWkd8LrsPOj97Z3NekOtKQ+Plp6Ltfz67AsVnfxI8un9V066uIrN/969IYzag8puRtFxC8K/2TL/656Imfz7mo1IfOa2+s+T9p8nuyN/waaPG0hhEuu/cqBi9/+zUHPXPfMt9eWXT/m5b+cedemZX9TdfTIte8+PmTUpQXz/7bS5v+Vqdtuv48bc2b/EA7N2bjr4+b/Sv/kczAnkHxK7lsYSE65/2tD0U9OAAAA2NmyhzuyxwsmZ26TC8LT8+TC/G3bmT8erxjZY/5S+/21tRtXfHPIa9cc8rfnnfTa31999BMPXntJ2dpl/33Me6tWX7ronccK5v9jP3z+3yfVzY/3/H+l8/98cjn/36OP8VB0dSmZ+qQf6NyhQ9EF1bFLOP/fo73uxI/z/8H5/x775/y/8/+92p3n/z/IfVvu2fb0p61gL2m6na6uHdZrb7/39xNueG9O00GHf/OJp46ccM0/XdF65x0nv/Tfzj5n6ivf2Vww/59e2vzf+n89L9qXXf9vbLH1/6YXW/+v0/p/AADALlVkobn0PK9g9b6CDOnV+woy9LpAYK9LDFr/b7vX/1sw4t8vOP/Hz7Ze/dbtYy9dvelrp7/85NpVT81cfvzZ577RdscdbQXz/87S5v/x5dA3t/W9Zf2/pjFFqrosBqZbGBAAAIA9UbEDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHy8jjzlrXcv+uo/tA/85fIb//7m//d/n65bc/83vn7DsF9N/tPTylZvuGr46VvmHnb+8fPmT/2XzmWrjjkthMnd5cqS4mXPXPbFB9v2O/7p2wZsnHH9zQ1bajL1VmVu/zgvd2z1/YYQFuc8Uh8Trzd03dkWOPmkW+dUdiXWN4RwcG5gyoIp+3QlljWEMCg3cM9phw3oSixIl1j99HEvdCW+lw6cMPhTW7oSR2cCZenuXtMv6W5ZuruX9guhf04g290z++VXlW3j+EygPN3G8vqkjRioj0Wvrk/aiIGOWGJynxCGVIZQka7qn2uSqirSVd1Vk1RVka7qgpoQRoQQKtNVPVOdVFWZHvnD1UlVMbD/QTe9ObArsaQ6hCG5gce+u+SorsSMVCDb+H+qDuFzXS+ZdOM/rUoar0o3/l+rQvhsCKE6XeKdyqREdbrEc5Uh7JsT2LYRK0OYE/hkiJ8+E3IfnDln7pRxHR3tM3ZhojrTVm2YOLmjvXn8tI4JNak+FVOWk946/6OPfdOb88Z33S5aMamqlHRlplxVd5ePqMq727qn9z72qy63km3PR0H9MX916Bv6zJ7ZPqP5nHGzZs0YmvwtNfsRyd+KTDTZVkMzmSv39G01MLeSIbOmTh8yc87cwZOnjpvUPqn9rNYj/6x1+LBhXxo+pGtQLcnfnke6fa+KJbt/pJ+pzKnko7ylu8a96z81JCQkPr5Eed6nW8ue/j+vYEd/W0erQk33B3TBtCI3S1n3KHfGoI/9iCP+KLspvY5oaMHEoSDLEb1naS2YTGzLUptk6d6tK5gc5tZU3r1J4/3y0NxcUWw7NObfzd28r+7A5n0ys+lKTQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/nx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQeOBQAAAACE+VuH0bMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwKQAA//8X0xow") r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, 0xffffffffffffffff, 0x1}) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) socket$kcm(0x10, 0x400000002, 0x0) socket$key(0xf, 0x3, 0x2) syz_usb_connect$cdc_ecm(0x3, 0x4d, &(0x7f0000001240)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902"], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='ns\x00') userfaultfd(0x801) syz_open_dev$sndctrl(&(0x7f0000000240), 0x0, 0x2a8600) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000380), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x40000012}) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000280)={0x201, 0x1, &(0x7f0000000540)=[r4], &(0x7f0000000500)=[0x1], &(0x7f0000000200), &(0x7f0000000580), 0x0, 0x7f}) ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f00000000c0)={0x1}) chdir(&(0x7f0000000240)='./file0\x00') r5 = openat(r0, &(0x7f00000002c0)='./file0\x00', 0x10002, 0x12d) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r5, 0x50009417, &(0x7f0000003480)={{r5}, 0x0, 0x2, @unused=[0x0, 0x808, 0x0, 0x94], @subvolid=0x3}) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x300000a) [ 141.958237][ T5325] Bluetooth: hci0: command tx timeout [ 142.288815][ T5340] loop0: detected capacity change from 0 to 32768 [ 142.333733][ T5340] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.0 (5340) [ 142.365516][ T5340] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 142.369589][ T5340] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 142.392026][ T5340] BTRFS info (device loop0): using free-space-tree [ 142.430430][ T1035] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x45c4daa94c2fee9c24887d4bee8f983cd8ca9d8901c4a5aa51fab9bc8d8bf5d6 found 0xd3af7654418670f0f70da767e5c7877c18843049bcf7986bbde8ce0509b9acf3 level 0 [ 142.452832][ T5340] BTRFS warning (device loop0): couldn't read tree root [ 142.469848][ T5340] BTRFS error (device loop0): open_ctree failed: -5 [ 142.791870][ T1342] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 142.943536][ T1342] usb 5-1: Using ep0 maxpacket: 16 [ 142.949392][ T1342] usb 5-1: config 0 has no interfaces? [ 142.956587][ T1342] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 142.960214][ T1342] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.964002][ T1342] usb 5-1: Product: syz [ 142.965531][ T1342] usb 5-1: Manufacturer: syz [ 142.967310][ T1342] usb 5-1: SerialNumber: syz [ 142.982238][ T1342] usb 5-1: config 0 descriptor?? [ 143.195226][ T5340] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 143.203814][ T1035] ================================================================== [ 143.207299][ T1035] BUG: KASAN: slab-use-after-free in drm_atomic_helper_wait_for_vblanks+0x30b/0x910 [ 143.210897][ T1035] Read of size 1 at addr ffff8880341a2009 by task kworker/u4:7/1035 [ 143.213913][ T1035] [ 143.214872][ T1035] CPU: 0 UID: 0 PID: 1035 Comm: kworker/u4:7 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 143.214886][ T1035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 143.214895][ T1035] Workqueue: events_unbound commit_work [ 143.214918][ T1035] Call Trace: [ 143.214926][ T1035] [ 143.214932][ T1035] dump_stack_lvl+0x241/0x360 [ 143.214950][ T1035] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.214963][ T1035] ? __virt_addr_valid+0x183/0x530 [ 143.214978][ T1035] ? rcu_is_watching+0x15/0xb0 [ 143.214991][ T1035] ? __virt_addr_valid+0x183/0x530 [ 143.215002][ T1035] ? lock_release+0x4e/0x3e0 [ 143.215014][ T1035] ? __virt_addr_valid+0x183/0x530 [ 143.215026][ T1035] ? __virt_addr_valid+0x183/0x530 [ 143.215045][ T1035] print_report+0x16e/0x5b0 [ 143.215058][ T1035] ? __virt_addr_valid+0x183/0x530 [ 143.215070][ T1035] ? __virt_addr_valid+0x183/0x530 [ 143.215081][ T1035] ? __virt_addr_valid+0x45f/0x530 [ 143.215092][ T1035] ? __phys_addr+0xba/0x170 [ 143.215105][ T1035] ? drm_atomic_helper_wait_for_vblanks+0x30b/0x910 [ 143.215118][ T1035] kasan_report+0x143/0x180 [ 143.215130][ T1035] ? drm_atomic_helper_wait_for_vblanks+0x30b/0x910 [ 143.215145][ T1035] drm_atomic_helper_wait_for_vblanks+0x30b/0x910 [ 143.215158][ T1035] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 143.215217][ T1035] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.215229][ T1035] ? __pfx_drm_atomic_helper_wait_for_vblanks+0x10/0x10 [ 143.215243][ T1035] ? drm_atomic_helper_commit_hw_done+0x3f9/0x430 [ 143.215259][ T1035] drm_atomic_helper_commit_tail+0x314/0x510 [ 143.215274][ T1035] commit_tail+0x2c4/0x3d0 [ 143.215287][ T1035] ? process_scheduled_works+0x9cb/0x18e0 [ 143.215299][ T1035] process_scheduled_works+0xac3/0x18e0 [ 143.215316][ T1035] ? __pfx_process_scheduled_works+0x10/0x10 [ 143.215328][ T1035] ? assign_work+0x367/0x3d0 [ 143.215338][ T1035] worker_thread+0x870/0xd50 [ 143.215353][ T1035] ? __kthread_parkme+0x1a8/0x200 [ 143.215366][ T1035] ? __pfx_worker_thread+0x10/0x10 [ 143.215378][ T1035] kthread+0x7b7/0x940 [ 143.215392][ T1035] ? __pfx_worker_thread+0x10/0x10 [ 143.215403][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.215413][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.215422][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.215433][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.215445][ T1035] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.215454][ T1035] ? lockdep_hardirqs_on+0x9d/0x150 [ 143.215464][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.215475][ T1035] ret_from_fork+0x4b/0x80 [ 143.215486][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.215497][ T1035] ret_from_fork_asm+0x1a/0x30 [ 143.215511][ T1035] [ 143.215515][ T1035] [ 143.315106][ T1035] Allocated by task 5340: [ 143.316831][ T1035] kasan_save_track+0x3f/0x80 [ 143.318668][ T1035] __kasan_kmalloc+0x9d/0xb0 [ 143.320535][ T1035] __kmalloc_cache_noprof+0x236/0x370 [ 143.322713][ T1035] drm_atomic_helper_crtc_duplicate_state+0x72/0xb0 [ 143.325349][ T1035] drm_atomic_get_crtc_state+0x182/0x410 [ 143.327530][ T1035] drm_atomic_get_plane_state+0x44e/0x510 [ 143.330391][ T1035] drm_atomic_set_property+0x281/0x3240 [ 143.332615][ T1035] drm_mode_atomic_ioctl+0x7f0/0x1420 [ 143.334735][ T1035] drm_ioctl_kernel+0x34e/0x450 [ 143.336685][ T1035] drm_ioctl+0x687/0xbb0 [ 143.338158][ T1035] __se_sys_ioctl+0xf1/0x160 [ 143.339721][ T1035] do_syscall_64+0xf3/0x230 [ 143.341852][ T1035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.344267][ T1035] [ 143.345331][ T1035] Freed by task 1342: [ 143.346971][ T1035] kasan_save_track+0x3f/0x80 [ 143.348858][ T1035] kasan_save_free_info+0x40/0x50 [ 143.350839][ T1035] __kasan_slab_free+0x59/0x70 [ 143.352716][ T1035] kfree+0x198/0x430 [ 143.354287][ T1035] drm_atomic_state_default_clear+0x3bd/0xb80 [ 143.356716][ T1035] __drm_atomic_state_free+0xb8/0x210 [ 143.358953][ T1035] drm_atomic_helper_dirtyfb+0xde9/0xe90 [ 143.361231][ T1035] drm_fbdev_shmem_helper_fb_dirty+0x151/0x2e0 [ 143.363535][ T1035] drm_fb_helper_damage_work+0x26c/0x910 [ 143.365622][ T1035] process_scheduled_works+0xac3/0x18e0 [ 143.367687][ T1035] worker_thread+0x870/0xd50 [ 143.369490][ T1035] kthread+0x7b7/0x940 [ 143.371131][ T1035] ret_from_fork+0x4b/0x80 [ 143.372863][ T1035] ret_from_fork_asm+0x1a/0x30 [ 143.374741][ T1035] [ 143.375730][ T1035] The buggy address belongs to the object at ffff8880341a2000 [ 143.375730][ T1035] which belongs to the cache kmalloc-512 of size 512 [ 143.380949][ T1035] The buggy address is located 9 bytes inside of [ 143.380949][ T1035] freed 512-byte region [ffff8880341a2000, ffff8880341a2200) [ 143.386451][ T1035] [ 143.387505][ T1035] The buggy address belongs to the physical page: [ 143.390335][ T1035] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x341a2 [ 143.393840][ T1035] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 143.397173][ T1035] ksm flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 143.400271][ T1035] page_type: f5(slab) [ 143.401944][ T1035] raw: 04fff00000000040 ffff88801b041c80 ffffea0001014100 dead000000000003 [ 143.405412][ T1035] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 143.408860][ T1035] head: 04fff00000000040 ffff88801b041c80 ffffea0001014100 dead000000000003 [ 143.412223][ T1035] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 143.415416][ T1035] head: 04fff00000000001 ffffea0000d06881 00000000ffffffff 00000000ffffffff [ 143.418704][ T1035] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 143.422033][ T1035] page dumped because: kasan: bad access detected [ 143.424417][ T1035] page_owner tracks the page as allocated [ 143.426631][ T1035] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 43674629145, free_ts 43585473132 [ 143.434654][ T1035] post_alloc_hook+0x1f4/0x240 [ 143.436580][ T1035] get_page_from_freelist+0x352b/0x36c0 [ 143.438850][ T1035] __alloc_frozen_pages_noprof+0x211/0x5b0 [ 143.441212][ T1035] alloc_pages_mpol+0x339/0x690 [ 143.443059][ T1035] allocate_slab+0x8f/0x3a0 [ 143.444721][ T1035] ___slab_alloc+0xc3b/0x1500 [ 143.446422][ T1035] __slab_alloc+0x58/0xa0 [ 143.447969][ T1035] __kmalloc_noprof+0x2ea/0x4d0 [ 143.449746][ T1035] ops_init+0x1d9/0x5b0 [ 143.451260][ T1035] register_pernet_operations+0x31f/0x660 [ 143.453302][ T1035] register_pernet_subsys+0x28/0x40 [ 143.455176][ T1035] tcf_register_action+0x8f/0x670 [ 143.456984][ T1035] do_one_initcall+0x24a/0x940 [ 143.458820][ T1035] do_initcall_level+0x157/0x210 [ 143.460712][ T1035] do_initcalls+0x71/0xd0 [ 143.462368][ T1035] kernel_init_freeable+0x432/0x5d0 [ 143.464305][ T1035] page last free pid 1 tgid 1 stack trace: [ 143.466529][ T1035] __free_frozen_pages+0xde8/0x10a0 [ 143.468549][ T1035] __slab_free+0x2c6/0x390 [ 143.470312][ T1035] qlist_free_all+0x9a/0x140 [ 143.472128][ T1035] kasan_quarantine_reduce+0x14f/0x170 [ 143.474227][ T1035] __kasan_slab_alloc+0x23/0x80 [ 143.476112][ T1035] __kmalloc_cache_noprof+0x1c8/0x370 [ 143.478203][ T1035] bus_add_driver+0x163/0x670 [ 143.480009][ T1035] driver_register+0x23a/0x320 [ 143.481898][ T1035] usb_register_driver+0x1d8/0x380 [ 143.483875][ T1035] do_one_initcall+0x24a/0x940 [ 143.485792][ T1035] do_initcall_level+0x157/0x210 [ 143.487723][ T1035] do_initcalls+0x71/0xd0 [ 143.489456][ T1035] kernel_init_freeable+0x432/0x5d0 [ 143.491511][ T1035] kernel_init+0x1d/0x2b0 [ 143.493171][ T1035] ret_from_fork+0x4b/0x80 [ 143.494911][ T1035] ret_from_fork_asm+0x1a/0x30 [ 143.496761][ T1035] [ 143.497705][ T1035] Memory state around the buggy address: [ 143.499858][ T1035] ffff8880341a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 143.503060][ T1035] ffff8880341a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 143.506151][ T1035] >ffff8880341a2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.509318][ T1035] ^ [ 143.511087][ T1035] ffff8880341a2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.513942][ T1035] ffff8880341a2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.516692][ T1035] ================================================================== [ 143.544214][ T1342] usb 5-1: USB disconnect, device number 2 [ 143.594942][ T1035] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 143.597890][ T1035] CPU: 0 UID: 0 PID: 1035 Comm: kworker/u4:7 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(full) [ 143.601915][ T1035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 143.606008][ T1035] Workqueue: events_unbound commit_work [ 143.608122][ T1035] Call Trace: [ 143.609533][ T1035] [ 143.610763][ T1035] dump_stack_lvl+0x241/0x360 [ 143.612635][ T1035] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.614645][ T1035] ? __pfx__printk+0x10/0x10 [ 143.616407][ T1035] ? vscnprintf+0x5d/0x90 [ 143.618136][ T1035] panic+0x349/0x880 [ 143.619635][ T1035] ? check_panic_on_warn+0x21/0xb0 [ 143.621609][ T1035] ? __pfx_panic+0x10/0x10 [ 143.623321][ T1035] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 143.625686][ T1035] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.628185][ T1035] ? print_report+0x519/0x5b0 [ 143.630119][ T1035] check_panic_on_warn+0x86/0xb0 [ 143.632201][ T1035] ? drm_atomic_helper_wait_for_vblanks+0x30b/0x910 [ 143.634869][ T1035] end_report+0x77/0x160 [ 143.636539][ T1035] kasan_report+0x154/0x180 [ 143.638358][ T1035] ? drm_atomic_helper_wait_for_vblanks+0x30b/0x910 [ 143.640768][ T1035] drm_atomic_helper_wait_for_vblanks+0x30b/0x910 [ 143.643320][ T1035] ? _raw_spin_unlock_irqrestore+0x134/0x140 [ 143.645776][ T1035] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.648119][ T1035] ? __pfx_drm_atomic_helper_wait_for_vblanks+0x10/0x10 [ 143.650790][ T1035] ? drm_atomic_helper_commit_hw_done+0x3f9/0x430 [ 143.653369][ T1035] drm_atomic_helper_commit_tail+0x314/0x510 [ 143.655718][ T1035] commit_tail+0x2c4/0x3d0 [ 143.657554][ T1035] ? process_scheduled_works+0x9cb/0x18e0 [ 143.659706][ T1035] process_scheduled_works+0xac3/0x18e0 [ 143.661943][ T1035] ? __pfx_process_scheduled_works+0x10/0x10 [ 143.664270][ T1035] ? assign_work+0x367/0x3d0 [ 143.666146][ T1035] worker_thread+0x870/0xd50 [ 143.668082][ T1035] ? __kthread_parkme+0x1a8/0x200 [ 143.670110][ T1035] ? __pfx_worker_thread+0x10/0x10 [ 143.672163][ T1035] kthread+0x7b7/0x940 [ 143.673738][ T1035] ? __pfx_worker_thread+0x10/0x10 [ 143.675594][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.677294][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.679060][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.680711][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.682386][ T1035] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.684275][ T1035] ? lockdep_hardirqs_on+0x9d/0x150 [ 143.686153][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.687794][ T1035] ret_from_fork+0x4b/0x80 [ 143.689457][ T1035] ? __pfx_kthread+0x10/0x10 [ 143.691451][ T1035] ret_from_fork_asm+0x1a/0x30 [ 143.693293][ T1035] [ 143.694766][ T1035] Kernel Offset: disabled [ 143.696387][ T1035] Rebooting in 86400 seconds..