program: socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000940)='./bus\x00', 0x8, &(0x7f00000004c0)={[{@autodefrag}, {@acl}, {@max_inline={'max_inline', 0x3d, [0x54]}}, {@ssd}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@ssd}, {@noenospc_debug}, {@barrier}, {@nodiscard}, {@acl}]}, 0x1, 0x55a4, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569H33HvrFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKAbRbfDNkX/YqW/AwN3Zcr8vqr3G4d+3Slh9cnJhqK53vrsB3cqRxV6QdatulpK6iOHaLg7bHau60XvNsKtvMST1vujlRmD2XzllB11x7Q9AUd8+Mj5aGxsU+xmnbQ87xu0zkztibda16HsQMN2+V1+EDtpPrL3p548MqT/3j6vvPXTt3Wbj6Xs0lz0ztadZjZNqvzNddrnsdogs+TXvD2K9hLGmqnK4Rw/J8+X/bMnJd23/jBqydOvP2Fi6+etvCaKROfHfSLsf947S53T7u8YP7f8NHz//hyjrflebljqx/WJ3Pz+EhdTGysT+bmAAAA0Gv0hqOmXx396kunPnT3oheXH1fx3XG/Omm3+oqzv99x/K4rx3/x0ivbH9+lYP4/tLTz//GUf13uaFeHMKErccGAEHbrejwJ/Cx25+QBIezVlWrJDxyWCqwO4Qtdif2zVaVK9I0lhqYCv6/PBCakAmtioCUVuDEGlqQCF8bAilRgRgysTgUOj4HQnj+OA+oz4yg5UBMDrclGXBGvQninPraW2lbrslUBAABsJ5nZYWX+3ZxrHbY1Q5xerqjpKUO8ArtohupUDekZbHZaVbSGip5qKO+phuy4F3308AtqLuup5oLLMMryM3w45DvlAybu/aO7bhxxU/OLE7/77tjjv/LnN99dvf8//fd7zpl/3QEF8/+mj57/V3fTkbKC8/8hTO76G3OXZyId2XhrS14GAAAAYBtc9djSJ2844Kj/c9/L9935pWtvKF999df/7ysbL9h71HHDy/r+3bdXFMz/J5R2/X88JtInJ3N4NB6GmD0ghKb8QFLtwYWB5Kx3v0wAAAAAeoPs+fjsufD2zG1yiXZ6Pl2Yv2Ur88cT/xO6zX/5pr9+9svXPnniwmH7bLjiv535Qdnnx/5ul2PXjnz8rT2H/UND38Lr/1tKu/6/Nv826cSa2IsrB4TQNyfwSOxlZ6DL0Bh4+dD8QGb8a+IGWByrylyYkK1qcSzRGgNNqcCyYiV+my2xW34g82RlG78gO472TImcAAAAAHzi4uGAeF4+Xv9/z+QDvrT/oJfGvLjnvQtfm7D0hFNrf7jPLbu+PqBj0pgDJxxyxDMF8//Wrbv+v2seXHB5f0e/EEZWhNAn/cWAR2uThQFjoK4sk7i/NqmrT7qq82pDGN85sHRVr2TW/69IrzH4RE1SVQzstvdPNw3rTNxQE8LI3MAz37x+TGdifiqQbfwbNSEM6RxtuvGVfZPGK9ONX9M3hD1zAtmqTu4bQmdjVemqHqzO/I5BuqrbqkMYmBPIVnVgdQgLAwC9VPxXOjP3wXkLz549vaOj7YwdmIjH8GvCrPaOtsYZczpmVhfp08xUn/OWMTqvcEyl/vLN85kliqYOuX14Kens9wSbctvKHMcvuHAwcz/uC1V2jbO5Mu/u6PSQh+9T2ETI2ZMqNuTyHTzk2txKtjyJBfXH/FWhX+i7YF7bGY1nTZ8//4xRyd9Sszcnf+NppmRbjUpvq9ru+lbCy6PoalkpH3db7Zdbycj5p80dOW/h2SPaT5t+Stspbd9pHjuquXnMV8eOaR7ZOaqm5G8PQ92vu6pTQ918fYnj2o5D3b0ip5JP4lNDQkKityWmLyk7f8K0X9//rT3WnHbWSXv8/R4zR5z0V5f/Zu6JjYdM/tX1f7m2YP4/96Pn//FTJ37yZ9ZnKHb+vyGe5k8e33KavzUGlpV6/r+h2Nn87IUBQ1OBRTGwyGl+AAAAPhvi4ch4NDMelb6u7p/uPnLmjEPe/+UJU67+27HjTj1r/b4NF1997JL/sP6dJauOeLtg/r+otO//b6f1/7NL13+t2DL/+8cSTcXW/08v859d/39RsfX/08v8Z9f/X/YprP+/IBtIbZJ3rP8PAAB8Fnxy6//3uLx/+gcCCjL0uLx/+gcCCjL0uIx/qT8QsNXr/8/p+IvaQZfPGXfoiLk/fmTV3ksG3val5yf+ep+lB424d+Ut7426tWD+v6S0+b+F+wEAAGDn8dAv+3774neH3f/UI+8fWXbpbzfedPxftR1wyB8GNp8y+eia79/0bwXz/2Wlzf8/+fX/QrHr/4cWC7QUWxjQ+n8AAAD0UsXW/7t54MtDV88fceNjP3/zlpdafzFz/Gv/bskPvjJ9WNPNa9b9pmHG+oL5/4rS5v/xsovyvNyxNx/WJ2vahfSadhvrs18ZAAAAgN6hPDQ2VpaYN29l1MM+fpvrMkuBflQ619P3DVq1oPyhq8qqN/7gkmmHNJ577Jlzjrxo/fdrn/xJ7dTG6jMK5v+rS5v/530v44HaSfWXvT3x4A9XnvzH0/edv3bqlvP/AAAAwI5T6nEJAAAAAAAAAAAAAADg0/dU69KDPhh19Bsz9xr1p28c+8IPFn/xm4/8zbV/PvPnh9+3V/vmYVMKvv8fJneVK/b9//i7f/H7Bbvm5Y6t9rz+X+b+lGNuXdi1ZOGj9SHskxuYff7sz4XMb/PvlxtYNXX/wZ2J89Ml7nvx8Nc6E9PSgaNG7PJeZ2J8KtAaF0n8QjoQf1Xxvf6pQFxe8cl0IG6PFelAVSZwSf9kHGXpbbWhLtlWZelt9VxdCANyAtltdXdd0kZZeoBXpQLZAZ6eDsQBTsoEytO9urVf0qsYqItF/6Zf0isAAHZacS+wMsxq72hrirvw8Xb3ivzbKG/JsvMKqy0rsfnnM0uTTR1y+/BS0n3S+6Jbfmu8MlR3DmFUwe5qbpayrlFun1p62HS7FhlyT6u9lRcpl7a1m66q+IhqkhE1zpjTMbOyx4GP7jlLc0WPWUYVTHZys5R3bdISaimhLyWMqMRtU0KX4/3y0NjYJ5VrXAw2hDw9vSJK/b5+7jp/xV4FuXn+tubaS/sM7vP+v42/6KEHB1R2nDq57aLdH/vngaNm/viHD7Ze8/uC+X9DafP/6txxvZf5MYBF8Zf1Dh4QQmuJIwIAAIDPvv957vI7TpyzZsOs1RXP/u53s8uPO7Fy8zl3nXP2Rc/dv/ioS/79zdsaX1H21KYT39h01l+/8ZOvXPfwWS8dPuOsuyatO2R9W/WN3/2L5acOKZj/Dy1t/h+PYGVOBSdHO1bH3/+/YEAIXT+t35AEfhaHe/KAEPbqSrXEEskP6n8tlmhKAj+LB0z2jyVaW/Kr6hsDK1KB39dnAqtTgTUxkDlK8dOQOZRzRX0IY7pSk/NLzI0lGlKB42JgaCrQGANNqUD/GJiQCrzZPxNoSQX+MQZCe/62urN/ZlsBAABsjcw8qzL/bkjP81ZU9JShrKcMtT1lKO8pQ3VPGYqNIt6/I2aoTF28UpaTqTJda02qloIM8cfwt7pfBRnCb/NzpgsWNB2vP8heb1CWn2HcD+9oPehr83686eIfPX7kgRceueTKty89ut/gK5/93+3n9uu/qbZg/t9U2vy/Nv82aX1NnP9v+f2/JPBI7N6V8dLxoTHw8qH5gcyBgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4eIAgHqaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKIxzHq4tfj96gL4XM5BziyJdpqkxJVqYbDwzXJN9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35yjL9k2XqhO2qhJB4ZVJYHadGBORRKIR36ygXvKkwBss+xRwfiCylzqktXQfbkir7/Pym+CpodXcAy0m3zdfedqR6lOP5A5ppq1dU9bQXXsEAVvj9Xebb3x3dbg3Za7I5XZQ9m8JVQdyme2zZq+oGN+fCT3m6wFdtDznPst1VLS2+F1uOjj97Zn1ekONKU+Ppq6L9f967AsVvdA7aT6y96eePDKk/94+r7z104tuRtFxC8KH3zr3AOey9m8O1p1yLzmet3nSYvPk974b2Copy2EsPyCWU8+8S/vP1+xvvm/HDh2+W1vPrb8Jwc9MGvEFzZc8uWNb717VMH8v6W0+X9F6rbLB3FjzhsQwvCcjfto3PwTBySfgzmB5FNyYGEgOeW+vr7oJycAAABsb9nDHdnjBe2Z2+SC8PQ8uTB/y1bmj8crJnSbv9R+DxzzD9879KrXv/H19btf/ujSp9b9pzdfOWLaoQ9senrFytebj/380wXz/9aPnv/3TXXT+X/n/9lBnP/v1s5+KLpv+oFF23QouqA6dgjn/7u1s7/bnP/vlvP/zv93x/n/Hjj/362d/Wkr2Euaa6crhNA64Ibbf1E7fXi/K8751oy1P3/6naZxL9Sde/Sd/+PwxeGa81b9uWD+P7e0+b/1/7pftC+7/l9rsfX/5hZb/2+R9f8AAIAdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fVq//V3vS2Se9Uv/WXtdMvP0/3zn9wudPOvHZffs8f8LtJ9w08urhL315Q8H8f1Fp8//4cuiX23pvWf9v6OQiVS2JgbkWBgQAAGBnVOwAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ+uFQ8u/uLmxfscdNOzn7/p8H9dtmbW3r86YPPoMSc3Dl88sOzKv/uXtwYtWPhG26Qzr22ZvvyaDSuXhtDeVa4sKV720KDy8tF/OOau2654uGna4CnnVmfqrczcfjEvd2z1w/oQluU8UhcTG+s772wJTDnm1oUVnYlH60PYJzcw+/zZn+tM3Fgfwn65gVVT9x/cmTg/XeK+Fw9/rTMxLR04asQu73UmxmcCZenuXtc/6W5ZuruX9Q9hQE4g291v98+vKtvGf8wEytNt3FyXtBEDdbHoj+qSNmKgI5Zo7xvCyIoQ+qSr+nV1UlWfdFV/X51U1Sdd1X+tDmF8CKEiXdWLVUlVFemRr61KqoqB3fb+6aZhnYllVSGMzA08883rx3QmTk8Fso1/vSqEIZ0vmXTjd1QmjVemG7+qMoQ9QwhV6RL/WpGUqEqXeKUihIE5gWzjp1aEsDDwmRA/fGbmPjhv4dmzp3d0tJ2xAxNVmbZqwqz2jrbGGXM6Zlan+lRMWU5683kff+zPbzpnRuft1CG3Dy8lXZEpV9nV5ebKvLujd/bex37V5lay5fkoqD/mrwr9Qt8F89rOaDxr+vz5Z4xK/paavTn52ycTTbbVqN6yrfbLrWTk/NPmjpy38OwR7adNP6XtlLbvNI8d1dw85qtjxzSP7BxVU/J3ewz1+k9+qLtX5FTySXwASEhI9LZEed6nW9PO/kFesKO/paOVobrrA7pgWpGbpaxrlNtj0Id9zBF/nP2UHkc0qmDiUJCluecsowsmE1uy1CRZuvbrCiaHuTWVd23SeL88NDb2KbYdGvLv5m7et7Zh867LbLpS0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/jx04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQeOBQAAAACE+VuH0bMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcCgAA//9aTM01") open(&(0x7f0000002000)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) (async) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x1ff) (async) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x105042, 0x1ff) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000240)="0bcb", 0x2}], 0x1) truncate(&(0x7f0000000000)='./file1\x00', 0x8800000) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5000003, 0x11, r2, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc097fce47d85272036dc78388e3dc177e9b496", "b732676c181c2082669dd06388bd49bd03e6bbc2ebce21aa45a7fea6180766b9"}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f0000000640)) (async) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f0000000640)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f00000001c0)=ANY=[@ANYRES16=r6, @ANYRES8, @ANYRES32=r8, @ANYRES32=r9, @ANYRESDEC=r7, @ANYRESOCT, @ANYRES64=r8, @ANYRES64=r1, @ANYRES8=r5, @ANYRES8=0x0], 0x3, 0x0, &(0x7f0000000000)) (async) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000100)='.\x00', 0x1a4243c, &(0x7f00000001c0)=ANY=[@ANYRES16=r6, @ANYRES8, @ANYRES32=r8, @ANYRES32=r9, @ANYRESDEC=r7, @ANYRESOCT, @ANYRES64=r8, @ANYRES64=r1, @ANYRES8=r5, @ANYRES8=0x0], 0x3, 0x0, &(0x7f0000000000)) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000006c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x24, r10, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x1008}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000700)={0x24, r10, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x1008}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r12 = socket$inet6_udplite(0xa, 0x2, 0x88) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) (async) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000680)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000400)="27f0b94c0000", 0x0, 0xfffffbfc, 0x0, 0x100004, 0x0}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000880)=@bpf_lsm={0x9, 0x6, &(0x7f0000000200)=ANY=[@ANYBLOB="18040000000000000000000000000000180000000000000000000000000000003c44e0ff000000009500000000000000abe123dc09418c27346ce48f09f5c6e8b2faf21c4dcea9a73579e82feb4f9503f9691013cebb39812a32e1e1a5f708d7"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r12, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @loopback}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r12, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @mcast2}}) [ 70.759514][ T5091] Bluetooth: hci0: command tx timeout [ 71.284814][ T5105] loop0: detected capacity change from 0 to 32768 [ 71.308080][ T5105] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.0 (5105) [ 71.357141][ T5105] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 71.375007][ T5105] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 71.392677][ T5105] BTRFS info (device loop0): using free-space-tree [ 71.464243][ T24] audit: type=1800 audit(1726937116.798:2): pid=5105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 71.502039][ T24] audit: type=1800 audit(1726937116.798:3): pid=5106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 71.530175][ T5105] loop0: detected capacity change from 32768 to 0 [ 71.538047][ T24] audit: type=1800 audit(1726937116.818:4): pid=5105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file2" dev="loop0" ino=261 res=0 errno=0 [ 71.564170][ T1038] kworker/u4:8: attempt to access beyond end of device [ 71.564170][ T1038] loop0: rw=67112961, sector=10440, nr_sectors = 8 limit=0 [ 71.571480][ T11] kworker/u4:0: attempt to access beyond end of device [ 71.571480][ T11] loop0: rw=67110913, sector=10496, nr_sectors = 8 limit=0 [ 71.577565][ T11] BTRFS error (device loop0): bdev /dev/loop0 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0 [ 71.592188][ T24] audit: type=1800 audit(1726937116.818:5): pid=5106 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file2" dev="loop0" ino=261 res=0 errno=0 [ 71.608912][ T1038] BTRFS error (device loop0): bdev /dev/loop0 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0 [ 71.626682][ T1038] kworker/u4:8: attempt to access beyond end of device [ 71.626682][ T1038] loop0: rw=67112961, sector=10448, nr_sectors = 8 limit=0 [ 71.650118][ T1038] BTRFS error (device loop0): bdev /dev/loop0 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0 [ 71.664747][ T1038] kworker/u4:8: attempt to access beyond end of device [ 71.664747][ T1038] loop0: rw=67112961, sector=10456, nr_sectors = 8 limit=0 [ 71.680182][ T1038] BTRFS error (device loop0): bdev /dev/loop0 errs: wr 4, rd 0, flush 0, corrupt 0, gen 0 [ 71.687814][ T1038] kworker/u4:8: attempt to access beyond end of device [ 71.687814][ T1038] loop0: rw=67112961, sector=10480, nr_sectors = 8 limit=0 [ 71.712423][ T1038] BTRFS error (device loop0): bdev /dev/loop0 errs: wr 5, rd 0, flush 0, corrupt 0, gen 0 [ 71.726935][ T1038] kworker/u4:8: attempt to access beyond end of device [ 71.726935][ T1038] loop0: rw=67112961, sector=10488, nr_sectors = 8 limit=0 [ 71.732745][ T1038] BTRFS error (device loop0): bdev /dev/loop0 errs: wr 6, rd 0, flush 0, corrupt 0, gen 0 [ 71.748038][ T1038] kworker/u4:8: attempt to access beyond end of device [ 71.748038][ T1038] loop0: rw=67112961, sector=13440, nr_sectors = 8 limit=0 [ 71.776863][ T1038] BTRFS error (device loop0): bdev /dev/loop0 errs: wr 7, rd 0, flush 0, corrupt 0, gen 0 [ 71.811946][ T5105] BTRFS error (device loop0 state A): Transaction aborted (error -5) [ 71.815387][ T5105] BTRFS: error (device loop0 state A) in btrfs_start_dirty_block_groups:3462: errno=-5 IO failure [ 71.822947][ T5105] BTRFS info (device loop0 state EA): forced readonly [ 71.832181][ T5105] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed [ 71.841938][ T5106] BTRFS error (device loop0 state EMA): remounting read-write after error is not allowed [ 71.845932][ T5106] ================================================================== [ 71.849884][ T5106] BUG: KASAN: slab-use-after-free in rb_first_postorder+0x69/0x90 [ 71.853592][ T5106] Read of size 8 at addr ffff888000f83010 by task syz.0.0/5106 [ 71.858389][ T5106] [ 71.859592][ T5106] CPU: 0 UID: 0 PID: 5106 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-08068-g1ec6d097897a #0 [ 71.864536][ T5106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.869880][ T5106] Call Trace: [ 71.871561][ T5106] [ 71.873058][ T5106] dump_stack_lvl+0x241/0x360 [ 71.875453][ T5106] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.877854][ T5106] ? __pfx__printk+0x10/0x10 [ 71.880207][ T5106] ? _printk+0xd5/0x120 [ 71.882305][ T5106] ? __virt_addr_valid+0x183/0x530 [ 71.884975][ T5106] ? __virt_addr_valid+0x183/0x530 [ 71.887556][ T5106] print_report+0x169/0x550 [ 71.889865][ T5106] ? __virt_addr_valid+0x183/0x530 [ 71.892586][ T5106] ? __virt_addr_valid+0x183/0x530 [ 71.896574][ T5106] ? __virt_addr_valid+0x45f/0x530 [ 71.899245][ T5106] ? __phys_addr+0xba/0x170 [ 71.901582][ T5106] ? rb_first_postorder+0x69/0x90 [ 71.904249][ T5106] kasan_report+0x143/0x180 [ 71.908430][ T5106] ? rb_first_postorder+0x69/0x90 [ 71.910448][ T5106] rb_first_postorder+0x69/0x90 [ 71.912910][ T5106] btrfs_cleanup_defrag_inodes+0x2f/0x80 [ 71.918735][ T5106] btrfs_reconfigure+0x269c/0x2d40 [ 71.921098][ T5106] ? __pfx_btrfs_reconfigure+0x10/0x10 [ 71.923529][ T5106] ? __pfx_shrink_dcache_sb+0x10/0x10 [ 71.925823][ T5106] ? __pfx_generic_parse_monolithic+0x10/0x10 [ 71.928295][ T5106] ? hook_sb_remount+0x122/0x390 [ 71.930278][ T5106] ? security_sb_remount+0x13/0x280 [ 71.932386][ T5106] reconfigure_super+0x445/0x880 [ 71.934417][ T5106] path_mount+0xc22/0xfa0 [ 71.936334][ T5106] __se_sys_mount+0x2d6/0x3c0 [ 71.938432][ T5106] ? __pfx___se_sys_mount+0x10/0x10 [ 71.940738][ T5106] ? do_syscall_64+0x100/0x230 [ 71.942912][ T5106] ? __x64_sys_mount+0x20/0xc0 [ 71.944950][ T5106] do_syscall_64+0xf3/0x230 [ 71.946789][ T5106] ? clear_bhb_loop+0x35/0x90 [ 71.948696][ T5106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.951106][ T5106] RIP: 0033:0x7fa48917f69a [ 71.953065][ T5106] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.961430][ T5106] RSP: 002b:00007fa488ffee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 71.965206][ T5106] RAX: ffffffffffffffda RBX: 00007fa488ffeef0 RCX: 00007fa48917f69a [ 71.973696][ T5106] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 71.977054][ T5106] RBP: 0000000020000180 R08: 00007fa488ffeef0 R09: 0000000001a4243c [ 71.980466][ T5106] R10: 0000000001a4243c R11: 0000000000000246 R12: 0000000020000100 [ 71.983984][ T5106] R13: 00007fa488ffeeb0 R14: 0000000000000000 R15: 00000000200001c0 [ 71.987461][ T5106] [ 71.988848][ T5106] [ 71.989907][ T5106] Allocated by task 1077: [ 71.992308][ T5106] kasan_save_track+0x3f/0x80 [ 71.994401][ T5106] __kasan_slab_alloc+0x66/0x80 [ 71.996537][ T5106] kmem_cache_alloc_noprof+0x135/0x2a0 [ 71.999339][ T5106] btrfs_add_inode_defrag+0x15c/0x790 [ 72.001520][ T5106] compress_file_range+0x2ef/0x1300 [ 72.003594][ T5106] btrfs_work_helper+0x390/0xc50 [ 72.005796][ T5106] process_scheduled_works+0xa63/0x1850 [ 72.007885][ T5106] worker_thread+0x870/0xd30 [ 72.009560][ T5106] kthread+0x2f0/0x390 [ 72.011158][ T5106] ret_from_fork+0x4b/0x80 [ 72.012929][ T5106] ret_from_fork_asm+0x1a/0x30 [ 72.014738][ T5106] [ 72.015658][ T5106] Freed by task 5105: [ 72.017285][ T5106] kasan_save_track+0x3f/0x80 [ 72.018987][ T5106] kasan_save_free_info+0x40/0x50 [ 72.021022][ T5106] __kasan_slab_free+0x59/0x70 [ 72.022863][ T5106] kmem_cache_free+0x1a2/0x420 [ 72.024610][ T5106] btrfs_cleanup_defrag_inodes+0x51/0x80 [ 72.026658][ T5106] btrfs_reconfigure+0x269c/0x2d40 [ 72.028526][ T5106] reconfigure_super+0x445/0x880 [ 72.030364][ T5106] path_mount+0xc22/0xfa0 [ 72.032053][ T5106] __se_sys_mount+0x2d6/0x3c0 [ 72.033681][ T5106] do_syscall_64+0xf3/0x230 [ 72.035458][ T5106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.037938][ T5106] [ 72.039171][ T5106] The buggy address belongs to the object at ffff888000f83000 [ 72.039171][ T5106] which belongs to the cache btrfs_inode_defrag of size 56 [ 72.045069][ T5106] The buggy address is located 16 bytes inside of [ 72.045069][ T5106] freed 56-byte region [ffff888000f83000, ffff888000f83038) [ 72.049836][ T5106] [ 72.050735][ T5106] The buggy address belongs to the physical page: [ 72.053210][ T5106] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf83 [ 72.056470][ T5106] flags: 0x7ff00000000000(node=0|zone=0|lastcpupid=0x7ff) [ 72.059116][ T5106] page_type: f5(slab) [ 72.060608][ T5106] raw: 007ff00000000000 ffff88803dbd9b40 dead000000000122 0000000000000000 [ 72.063975][ T5106] raw: 0000000000000000 00000000802e002e 00000001f5000000 0000000000000000 [ 72.067515][ T5106] page dumped because: kasan: bad access detected [ 72.069974][ T5106] page_owner tracks the page as allocated [ 72.072293][ T5106] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1077, tgid 1077 (kworker/u4:9), ts 71481233462, free_ts 71442130359 [ 72.079394][ T5106] post_alloc_hook+0x1f3/0x230 [ 72.081213][ T5106] get_page_from_freelist+0x3045/0x3190 [ 72.083217][ T5106] __alloc_pages_noprof+0x256/0x6c0 [ 72.085342][ T5106] alloc_pages_mpol_noprof+0x3e8/0x680 [ 72.087419][ T5106] alloc_slab_page+0x6a/0x120 [ 72.089213][ T5106] allocate_slab+0x5a/0x2f0 [ 72.091017][ T5106] ___slab_alloc+0xcd1/0x14b0 [ 72.092908][ T5106] __slab_alloc+0x58/0xa0 [ 72.094561][ T5106] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 72.096641][ T5106] btrfs_add_inode_defrag+0x15c/0x790 [ 72.098696][ T5106] compress_file_range+0x2ef/0x1300 [ 72.100657][ T5106] btrfs_work_helper+0x390/0xc50 [ 72.102453][ T5106] process_scheduled_works+0xa63/0x1850 [ 72.104574][ T5106] worker_thread+0x870/0xd30 [ 72.106254][ T5106] kthread+0x2f0/0x390 [ 72.107944][ T5106] ret_from_fork+0x4b/0x80 [ 72.109769][ T5106] page last free pid 78 tgid 78 stack trace: [ 72.112064][ T5106] free_unref_folios+0xf12/0x18d0 [ 72.113885][ T5106] shrink_folio_list+0x81fd/0x8cc0 [ 72.115698][ T5106] evict_folios+0x549b/0x7b50 [ 72.117307][ T5106] try_to_shrink_lruvec+0x9ab/0xbb0 [ 72.119101][ T5106] shrink_one+0x3b9/0x850 [ 72.120606][ T5106] shrink_node+0x3799/0x3de0 [ 72.122195][ T5106] kswapd+0x1ca3/0x3700 [ 72.123908][ T5106] kthread+0x2f0/0x390 [ 72.125476][ T5106] ret_from_fork+0x4b/0x80 [ 72.127300][ T5106] ret_from_fork_asm+0x1a/0x30 [ 72.129197][ T5106] [ 72.130094][ T5106] Memory state around the buggy address: [ 72.132239][ T5106] ffff888000f82f00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 72.135377][ T5106] ffff888000f82f80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 72.138325][ T5106] >ffff888000f83000: fa fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb [ 72.140909][ T5106] ^ [ 72.142437][ T5106] ffff888000f83080: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.145078][ T5106] ffff888000f83100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 72.147768][ T5106] ================================================================== [ 72.152168][ T5106] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 72.155022][ T5106] CPU: 0 UID: 0 PID: 5106 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-08068-g1ec6d097897a #0 [ 72.158947][ T5106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.163242][ T5106] Call Trace: [ 72.164581][ T5106] [ 72.165754][ T5106] dump_stack_lvl+0x241/0x360 [ 72.167707][ T5106] ? __pfx_dump_stack_lvl+0x10/0x10 [ 72.169770][ T5106] ? __pfx__printk+0x10/0x10 [ 72.171606][ T5106] ? lock_release+0xbf/0xa30 [ 72.173489][ T5106] ? vscnprintf+0x5d/0x90 [ 72.175221][ T5106] panic+0x349/0x880 [ 72.176812][ T5106] ? check_panic_on_warn+0x21/0xb0 [ 72.178832][ T5106] ? __pfx_panic+0x10/0x10 [ 72.180638][ T5106] ? mark_lock+0x9a/0x360 [ 72.182174][ T5106] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 72.184285][ T5106] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 72.186367][ T5106] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 72.188602][ T5106] ? print_report+0x502/0x550 [ 72.190313][ T5106] check_panic_on_warn+0x86/0xb0 [ 72.192285][ T5106] ? rb_first_postorder+0x69/0x90 [ 72.194316][ T5106] end_report+0x77/0x160 [ 72.196049][ T5106] kasan_report+0x154/0x180 [ 72.197890][ T5106] ? rb_first_postorder+0x69/0x90 [ 72.199798][ T5106] rb_first_postorder+0x69/0x90 [ 72.201604][ T5106] btrfs_cleanup_defrag_inodes+0x2f/0x80 [ 72.203945][ T5106] btrfs_reconfigure+0x269c/0x2d40 [ 72.205910][ T5106] ? __pfx_btrfs_reconfigure+0x10/0x10 [ 72.207953][ T5106] ? __pfx_shrink_dcache_sb+0x10/0x10 [ 72.209942][ T5106] ? __pfx_generic_parse_monolithic+0x10/0x10 [ 72.212162][ T5106] ? hook_sb_remount+0x122/0x390 [ 72.213951][ T5106] ? security_sb_remount+0x13/0x280 [ 72.215988][ T5106] reconfigure_super+0x445/0x880 [ 72.218085][ T5106] path_mount+0xc22/0xfa0 [ 72.219848][ T5106] __se_sys_mount+0x2d6/0x3c0 [ 72.221687][ T5106] ? __pfx___se_sys_mount+0x10/0x10 [ 72.223803][ T5106] ? do_syscall_64+0x100/0x230 [ 72.225740][ T5106] ? __x64_sys_mount+0x20/0xc0 [ 72.227683][ T5106] do_syscall_64+0xf3/0x230 [ 72.229531][ T5106] ? clear_bhb_loop+0x35/0x90 [ 72.231471][ T5106] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.233903][ T5106] RIP: 0033:0x7fa48917f69a [ 72.235740][ T5106] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.243364][ T5106] RSP: 002b:00007fa488ffee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 72.246880][ T5106] RAX: ffffffffffffffda RBX: 00007fa488ffeef0 RCX: 00007fa48917f69a [ 72.250352][ T5106] RDX: 0000000020000180 RSI: 0000000020000100 RDI: 0000000000000000 [ 72.253822][ T5106] RBP: 0000000020000180 R08: 00007fa488ffeef0 R09: 0000000001a4243c [ 72.257202][ T5106] R10: 0000000001a4243c R11: 0000000000000246 R12: 0000000020000100 [ 72.260265][ T5106] R13: 00007fa488ffeeb0 R14: 0000000000000000 R15: 00000000200001c0 [ 72.263444][ T5106] [ 72.265002][ T5106] Kernel Offset: disabled [ 72.266749][ T5106] Rebooting in 86400 seconds..