program:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)={[{@part={'part', 0x3d, 0x500f}}, {@nodecompose}, {}, {@part={'part', 0x3d, 0xc}}, {@uid}, {@barrier}, {@nls={'nls', 0x3d, 'cp949'}}, {@gid={'gid', 0x3d, 0xee00}}]}, 0x3, 0x5f4, &(0x7f0000000640)="$eJzs3c9rHOcZB/DvrNay5YKzSewkLS0V9qElprZWmzg6FOqWUnQIJdBLLjkIex0Lr5UgbYoSSpH789r/IClFPvfUQ+nBkJ577VHQQw6F3nVzmdlZaW0rshQr2lXy+cC77zv7zrzzzOOZVzuzmA3wtbX4dk49SJHFy2+ul8tbm53e1mbn7rCd5HSSRtIcVClWkuLT5HoGJd8s36yHKz5vP+98/MbCZ+3795KiORirOVy/sd92B7NRl8wmmarroxrvxjOPV+wcYZmwS8PEwbg9fMLGYTZ/xusWmGSt5GySM/XngNSzQ2PMYT2zQ81yAAAAcEI9t53trOfcuOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk6RIpgZVVRrD9myK4e//T9fvpW6faA/GHQAAAAAAAAAAHIHvbmc76zk3XH5YVN/5X6wWzlev38gHWUs3q7mS9Syln35W007SGhloen2p319tP3XLItl4NITBlvPHcLAAAAAAAAAA8NX1myzufv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACToEimBlVVzg/brTSaSc4kmS7X20j+MWyfZA/GHQAAAAAcg+e2s531nBsuPyyqe/6Xqvv+M/kgK+lnOf300s3N6lnA4K6/sbXZ6W1tdu6W5clxf/y/Q4VRjZjBs4e99zxXrXFhZ4vF/Cy/yOXM5q2sZjm/zFL66WY2P61aSynSqp9etIZx7h3v9UeW3nparK9UkczkVpar2K7kRt5LLzfTqI6hWmf/Pd4rs1P8qHbAHN2s6/KI/lTXk6FVZeTUTkbm6tyX2Xh+/0wc8jx5fE/tNHaeQZ3/99Hn/Gxdl7n+w0TnfH7k7Htp/5wnF//znb/d7q3cuX1r7fLkHNIX9HgmOiOZePlrlYnpOhuDWfRws+XFattzWc7P815uppvXs5DXM5/X8lrmspBrI3m9cID5rXG4a+3S9+vGTJI/1vVkKPP6/EheR2e6VtU3+s4gS+XJ9MLR/xVofqtulPv4bV1Phscz0R45X17cPxN/fli+rvVW7qzeXnr/gPv7Xl2Xmf79RM3N5fnyQvmPVS09enaUfS/u2deu+s7v9DWe6Luw0/e0K3W6/gz35EjzVd/Le/Z1qr5XRvr2+pQDwITa/U777Ktnp2f+O/OvmU9mfjdze+bNMz85vXD629M59c/m36f+2rjf+GHxaj7Jr3fv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC9u7cOP7iz1hj8D0Ot1VwfvfMUaf8lEhKFx0hrN+sqYlHiOrzHGSQk4Flf7d9+/uvbhRz9Yvrv0bvfd7kqn0742v3BtYf7a1VvLve7c4HXcYQJfgt0/+uOOBAAAAAAAAAAAADio4/jvBOM+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBkW3w7px6kSHvuyly5vLXZ6ZVl2N5ds5mkkaT4VVJ8mlzPoKQ1Mlzxeft55+M3Fj5r37+3O1ZzuH5jv+0OZqMumU0yVddHNd6NZx6v2DnCMmGXhomDcft/AAAA//9Shwfb")
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000, 0xa00}])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
syz_mount_image$btrfs(&(0x7f0000000140), &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800852, &(0x7f0000000400)={[{@nossd_spread}, {@autodefrag}, {@check_int_data}, {@discard_sync}, {@clear_cache}, {@space_cache_v1}, {@clear_cache}, {@nodatacow}]}, 0xfb, 0x5101, &(0x7f000000a240)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5LrqA4Cf2dd4H97dBCpCimCBOsYFr9d2eKhNxTpNVRRKWZeUqEIUG3sdFm+wsZ2CI0CODUpRBE1LJPjQKI4QqvMhqUWCAk2iuJEwipoHStWIJEpEWieIKDQNoFCIRKrZe8/snXN3HrZ3E2/6+0neOTP/87zz8Jx775wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Pxz70mf+tlX83t9e9OgTl05+8uCmS5/9/EVnPxjC1NzjlSxcGbj6+smf33zhLQfv2HDDbScufntfXi6Ph8Han678zhdjrSdWhnB7JYSeNLB2KAv05veHYn1vGArhrDAfqJeYHshKpA2H7/eHcDjMB+pVfa8/hKFC4JKH7rn7K7XEdf0hrAohVNM2Hq9mbfSngfP6ssBAGtjVkwV+9VKmHvhuVxaA0xbfDPUX/dGpxgyjC5dr8vrrXbSOvbLS4XXHxGjzfD/btMSdKuhLH5g6raetVB1LovT2OObdtgzebaXtfK2nrfhFKv+G8tJ8qBq6tk/v2HrF7L74SFcYH+9uVtMSPc+PPP+5bSeTXjavw9iB0UV5HX71gVU3d6/5wP23rV319JF3HHrmdLv5o8ImLaaXWjXkr7ll8zxGkz5PlsHbr/QtacyXrhDCjk/83gdbxUvz/9HW8//4co63XQ25Y60vDmdz8/jIUEw8N5zNzQEAAGDZWA57TXeN3/WeQvGRalJfaf4/1tnx/3jIP5/MZ6M9FsLkXOLQSAjnzD2eBW6KzX18JIQ3z6WmGgObksCxEF4/l1hTryopsSKWGEsCPxnOA5NJ4HgMTCWBb8XAtUngizFwNAlsi4FjSeDCGAgzjeP4/eF8HB0H+mNgS7YRj8azEH4xHFtLttVj9aoAAAAWST477G28WzjX4XQzxOnl0f52GeIZ2E0zVJMa0hlsfVrVtIaedjV0tauhPu4DrYdfqrnSrubSaRiVxgzX//JvPhRaKM3/J1rP/6sLdKRSOv4fwua5vzF3Vx6Zrce3TDVkAAAAAE7D4P8++c1W8dL8f7Kz8//jPpHuQuZwX9wNsXMkhInGQFbtH5YD2VHvwTwAAAAAy0H9eHz9WPhMfpudop3Op8v5p04yfzzwP7lg/r5jd25p1d/S/H+qs/P/Bxpvs04cj7342kgIKwqBH8Re1gJzxmLgx+9tDOTjPx43wDWxqvzEhHpV18QSW2JgIgkcblbih/US5zQG8ier3vih+jhm8hKFAAAAALzs4u6AeFw+nv//lt9s+EyrcqX5/5aTO/9/bh5cOr1/djCEdT0hdKc/DLhvIFsYMAaGKnniroGsru60qqsGQrigNrC0qifz9f970jUGH+rPqoqBc95y5Pnzaolv9oewrhh4+CM3vrOW2JcE6o3/ZX8Ib6qNNm38OyuyxnvTxr++IoQ3FgL1qj6+IoRaY31pVfdU8+sYpFX9czWE1xQC9areVQ1hfwBgmYr/lW4vPrh3/5U7t87OTu9ZwkTch98fdszMTo9v2zW7vdqkT9uTPjcsY3RVeUydXvnmsXyJog/funmok3T9d4ITxbby/filEwfz+/G7UO/cODf0NtzdmA75bW8tNxEK36SaDblriYc8UKxk/kks1R/z94XBsOKKvdN7xj+7dd++Peuzv51m35D9jYeZsm21Pt1WAwv1rYOXR9PVshKnuq1WFytZt+/y3ev27r9y7czlWy+bvmz6U+vftWHi/ImNE+8+f11tVBPZ3zZDXb1Q1clQX7qxw3Et4lDP7SlU8nJ8akhISCy3xK7B1S3/Ty7N/3e3nv/HT534yZ+vz9Ds+P9oPMyfPT5/mH9LDBzu9Pj/aLOj+fUTA8aSwIEYOOAwPwAAAK8OcZIf92bGvdI/XfOdp1uVK83/D3T2+/9FWv+/vnT9xc2W+V8TS0w0W/8/Xea/vv7/gWbr/6fL/NfX/z/8Cqz/f0U9kGySX1j/HwAAeDVYovX/K+UMbZf3Ty8QUMrQdnn/9AIBpQxtl/Hv9AIBJ73+/+P/+Vf/HVoozf+v7Wz+b+F+AAAAOHN84c8+8zut4qX5/+HO5v8v//p/odn5/2PNAlPNFga0/h8AAADLVLP1/0avHvhYq3Kl+f/Rzub/8bSLrobcsdYXh7M17UK6pt1zw/WfDAAAAMDy0BXGx3s7zNuwMuqmU2/zkXwp0Fbpoif/5MTJnf9/rLP5f8PvMr76wKqbu9d84P4Xb1u76ukj7zj0zPzxfwAAAGDpdLpfAgAAAAAAAAAAAAAAeOU9+R8HN7aKl37/HzbPPd7s9//xun/x9wWvbcgda22//l9+/5L337J/bsnC+4ZDeGsxsPPgzrNCfm3+1cXA3R9d87pa4mBa4s4nLnyqlvhYGnjf2rNfqCUuSAJb4iKJr08D8aqKL6xMAnF5xX9PA3F7HE0DfXngyyuzcVTSbfXToWxbVdJt9ehQCCOFQH1b3T6UtVFJB3hdEqgP8NNpIA7wz/NAV9qrWwazXsXAUCx6w2DWKwAAzljxW2Bv2DEzOz0Rv8LH23N7Gm+jhiXLripXW+mw+cfypck+fOvmoU7S3el30flrjfeGam0I60tfV4tZKnOjXJxa2my61zYZcrvV3rqalEud7Kbraz6i/mxE49t2zW7vbTvwje2zbOhpm2V9abJTzNI1t0k7qKWDvnQwog63TQddjve7wvh4d5LrD2JwNDRo94ro9Pf6xXX+mr0Kink+deLQr1rVV5r/j3Y2/68Wx/VCfjGAA/HKen83Ypl/AAAAWFpf3vTrb8R/H7r63odb5S3N/8c6m//HPVj5oeBsb8exeP3/QyMhzF1afzQL3BSb+/hICG+eS03FEtkF9S+OJSaywE1xh8maWGLLVGNVK2LgaBL4yXAeOJYEjsdAvpfiSMh35fz9cAjvnEttbiyxO5YYTQIfjIGxJDAeAxNJYGUMTCaBZ1fmgakk8G8xEGYat9WtK/NtBQAAcDLyeVZv492QzvOO9rTLUGmXYaBdhq52GartMjQbRbz/7ZihNzl5pVLI1JvW2p/UUsoQL4Z/0v0qZQg/bMyZFiw1Hc8/qJ9vUGnMcMd7eqqhhdL8f6Kz+f9A423W+vE4/5+//l8W+EHs3tfiqeNjMfDj9zYG8h0Dx+Nk95p6VVN5iXzSfk0sMRkDY0lgdwxMJoEtm/PA4dc1BvKZdr3xQ/XGZ/IShQAAAAAsptFOMsUdBHE3TZz/37D3S4OtypXm/5Odzf9je4PFxr4Yaz2xMoTbK/O9qQfWDmWBuB9jKP48/g1DIZxV2MFRLzE9kJXoSxoO3+/PfqHel1b1vf7sxwfx/iUP3XP3V2qJ6/pDWFXY+1Jv4/Fq1kZ/GjivLwsMpIFdPVkg7vmpB77blQXgtNX3CsYXVH6qS12Tj4Ymr79XyzVB0+GV9oEukG+h31wtldIO13yfat3JPW0t99+yaEpvj2Pebcvx3Tbq3Vb8IpV/Q3lpPlQNXdund2y9YnZffKT4S9aSJXqei79S7SS9CK/DA6fe2/aqaQcmko+PiYXLLfw6rMTqvvrAqpu713zg/tvWrnr6yDsOPdNxN5qIPxS+5/P/OvSjwuZdatWQv+aW3efJlM+TZfHfQPLuHvO0hRA2P/v1a1rFS/P/qc7m/z3J7Zxfx425dySEtxU27n1x8//xSPY5WAhkn5KvKQeyQ+7/Ndz0kxMAAAAWW313R31/wUx+m50Qns6Ty/mnTjJ/3F8xuWD+Tvs98NcfXdUqXpr/b2k9/1+RdNPxf8f/WSKO/y/oTN8VvSJ94MBp7YouVceScPx/QWf6u83x/wU5/u/4/0Ic/2/D8f8FnelPW+lb0m5fukIIT//RXY+2ipfm/7s7m/9b/2/hRfvq6/9tabb+3+5m6/8dsP4fAACwpJosNJfO80qr95UypKv3lTK0XSCw7RKD1v876fX/njr38d+EFkrz/wOdzf/jy2Gw2PpyWf9vbHOTqq6Ngd0WBgQAAOBM1GwHAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK+sO/7hf7a3it/724sefeLSyU8e3HTps5+/6OwHQ5iZe7yShSsDV18/+fObL7zl4B0bbrjtxMVvr+blevPb323IHWt9cTiEw4VHhmLiueHanfnAJe+/ZX9PLXHfcAhvLQZ2Htx5Vi3xreEQVhcDd390zetqiYNpiTufuPCpWuJjaeB9a89+oZa4IA9U0u7+48qsu5W0u19ZGcJIIVDv7idXNlZVb+NP80BX2sY/DWVtxMBQLPqNoayNGJiNJWZWhLCuJ4TutKp7q1lV3WlV/1LNqupOq/pCNYQLQgg9aVVP9GVV9aQjf7AvqyoGznnLkefPqyUO94Wwrhh4+CM3vrOW+HQSqDf+F30hvKn2kkkb/3Zv1nhv2vh1vSG8MYTQl5b4ZU9Woi8t8WRPCK8pBOqNf6InhP2BV4X44dPwibZ3/5U7t87OTu9ZwkRf3lZ/2DEzOz2+bdfs9mrSp2YqhfRLV5362B97/nPbarcfvnXzUCfpnrxc71yXN/Q23N14pvc+9mugWMn881GqP+bvC4NhxRV7p/eMf3brvn171md/O82+IfvbnUezbbV+uWyr1cVK1u27fPe6vfuvXDtz+dbLpi+b/tT6d22YOH9i48S7z19XG9VE9ncxhnrjyz/Uc3sKlbwcHwASEhLLLdHV8Ok2caZ/kJe+6M93tDdU5z6gS9OKYpbK3CgXY9CbTnHEp/I9pe2I1pcmDqUsGxbIclVjlo2lycR8Lf1ZlrnvdaXJYbGxrrlNGu93hfHx7mbbYbTxbnHz/uw0Nu8j+abrNA0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgUgAAAP//1SMkMQ==")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
creat(&(0x7f0000000240)='./file1\x00', 0xd)
fallocate(r3, 0x10, 0x2, 0xa4f)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x3, 0x0, &(0x7f0000000080))
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
chdir(&(0x7f0000000140)='./file0\x00')
rename(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

[  108.989008][ T5307] Bluetooth: hci0: command tx timeout
[  109.155430][ T5331] loop0: detected capacity change from 0 to 1024
[  109.285820][ T4718] udevd[4718]: worker [5303] terminated by signal 33 (Unknown signal 33)
[  109.699958][   T24] audit: type=1800 audit(1773214726.043:2): pid=5331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=20 res=0 errno=0
[  109.710955][ T5331] 
[  109.712167][ T5331] ======================================================
[  109.715554][ T5331] WARNING: possible circular locking dependency detected
[  109.718848][ T5331] syzkaller #0 Not tainted
[  109.720804][ T5331] ------------------------------------------------------
[  109.723887][ T5331] syz.0.0/5331 is trying to acquire lock:
[  109.726444][ T5331] ffff8880376c98f8 (&sbi->alloc_mutex){+.+.}-{4:4}, at: hfsplus_block_free+0xc7/0x630
[  109.731566][ T5331] 
[  109.731566][ T5331] but task is already holding lock:
[  109.735651][ T5331] ffff888037871c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30
[  109.740683][ T5331] 
[  109.740683][ T5331] which lock already depends on the new lock.
[  109.740683][ T5331] 
[  109.745153][ T5331] 
[  109.745153][ T5331] the existing dependency chain (in reverse order) is:
[  109.749221][ T5331] 
[  109.749221][ T5331] -> #1 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}:
[  109.753472][ T5331]        __mutex_lock+0x19f/0x1300
[  109.756762][ T5331]        hfsplus_get_block+0x39e/0x1670
[  109.760467][ T5331]        block_read_full_folio+0x29f/0x830
[  109.763871][ T5331]        filemap_read_folio+0x137/0x3b0
[  109.766485][ T5331]        do_read_cache_folio+0x358/0x590
[  109.769092][ T5331]        read_cache_page+0x5d/0x170
[  109.771507][ T5331]        hfsplus_block_allocate+0xf3/0xce0
[  109.774206][ T5331]        hfsplus_file_extend+0xb2d/0x1d70
[  109.776771][ T5331]        hfsplus_get_block+0x42c/0x1670
[  109.779150][ T5331]        __block_write_begin_int+0x6c6/0x1910
[  109.781975][ T5331]        cont_write_begin+0x737/0xae0
[  109.784461][ T5331]        hfsplus_write_begin+0x66/0xb0
[  109.787057][ T5331]        cont_write_begin+0x7cc/0xae0
[  109.789702][ T5331]        hfsplus_write_begin+0x66/0xb0
[  109.792334][ T5331]        generic_perform_write+0x2e2/0x8f0
[  109.795323][ T5331]        generic_file_write_iter+0x14a/0x680
[  109.798073][ T5331]        aio_write+0x5cd/0x870
[  109.800323][ T5331]        io_submit_one+0x7bb/0x14c0
[  109.802666][ T5331]        __se_sys_io_submit+0x195/0x340
[  109.805191][ T5331]        do_syscall_64+0x14d/0xf80
[  109.807411][ T5331]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.810443][ T5331] 
[  109.810443][ T5331] -> #0 (&sbi->alloc_mutex){+.+.}-{4:4}:
[  109.814070][ T5331]        __lock_acquire+0x15a5/0x2cf0
[  109.817346][ T5331]        lock_acquire+0xf0/0x2e0
[  109.819478][ T5331]        __mutex_lock+0x19f/0x1300
[  109.821912][ T5331]        hfsplus_block_free+0xc7/0x630
[  109.824351][ T5331]        hfsplus_free_extents+0x121/0xa50
[  109.827087][ T5331]        hfsplus_file_truncate+0x762/0xc30
[  109.829810][ T5331]        hfsplus_setattr+0x1c4/0x270
[  109.832248][ T5331]        notify_change+0xc1a/0xf40
[  109.834555][ T5331]        do_truncate+0x1c2/0x250
[  109.836848][ T5331]        path_openat+0x2f89/0x3860
[  109.839173][ T5331]        do_file_open+0x23e/0x4a0
[  109.841325][ T5331]        do_sys_openat2+0x113/0x200
[  109.843559][ T5331]        __x64_sys_creat+0x8f/0xc0
[  109.845739][ T5331]        do_syscall_64+0x14d/0xf80
[  109.847955][ T5331]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.850819][ T5331] 
[  109.850819][ T5331] other info that might help us debug this:
[  109.850819][ T5331] 
[  109.856187][ T5331]  Possible unsafe locking scenario:
[  109.856187][ T5331] 
[  109.860806][ T5331]        CPU0                    CPU1
[  109.863825][ T5331]        ----                    ----
[  109.867138][ T5331]   lock(&HFSPLUS_I(inode)->extents_lock);
[  109.870738][ T5331]                                lock(&sbi->alloc_mutex);
[  109.875254][ T5331]                                lock(&HFSPLUS_I(inode)->extents_lock);
[  109.878884][ T5331]   lock(&sbi->alloc_mutex);
[  109.881300][ T5331] 
[  109.881300][ T5331]  *** DEADLOCK ***
[  109.881300][ T5331] 
[  109.885000][ T5331] 3 locks held by syz.0.0/5331:
[  109.887080][ T5331]  #0: ffff888041cf4420 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  109.891105][ T5331]  #1: ffff888037871df8 (&sb->s_type->i_mutex_key#25){+.+.}-{4:4}, at: do_truncate+0x18f/0x250
[  109.895812][ T5331]  #2: ffff888037871c08 (&HFSPLUS_I(inode)->extents_lock){+.+.}-{4:4}, at: hfsplus_file_truncate+0x2b3/0xc30
[  109.901047][ T5331] 
[  109.901047][ T5331] stack backtrace:
[  109.903683][ T5331] CPU: 0 UID: 0 PID: 5331 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  109.903709][ T5331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  109.903718][ T5331] Call Trace:
[  109.903727][ T5331]  <TASK>
[  109.903735][ T5331]  dump_stack_lvl+0xe8/0x150
[  109.903765][ T5331]  print_circular_bug+0x2e1/0x300
[  109.903789][ T5331]  check_noncircular+0x12e/0x150
[  109.903815][ T5331]  __lock_acquire+0x15a5/0x2cf0
[  109.903835][ T5331]  ? lockdep_unlock+0x5d/0xd0
[  109.903850][ T5331]  ? __lock_acquire+0x146e/0x2cf0
[  109.903862][ T5331]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  109.903878][ T5331]  lock_acquire+0xf0/0x2e0
[  109.903892][ T5331]  ? hfsplus_block_free+0xc7/0x630
[  109.903913][ T5331]  __mutex_lock+0x19f/0x1300
[  109.903931][ T5331]  ? hfsplus_block_free+0xc7/0x630
[  109.903943][ T5331]  ? rcu_is_watching+0x15/0xb0
[  109.903958][ T5331]  ? trace_contention_end+0x3d/0x150
[  109.903974][ T5331]  ? __mutex_lock+0x319/0x1300
[  109.903989][ T5331]  ? hfsplus_block_free+0xc7/0x630
[  109.904001][ T5331]  ? __pfx___mutex_lock+0x10/0x10
[  109.904020][ T5331]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  109.904035][ T5331]  hfsplus_block_free+0xc7/0x630
[  109.904044][ T5331]  ? __kmalloc_noprof+0x37d/0x760
[  109.904055][ T5331]  ? hfsplus_free_extents+0x2a/0xa50
[  109.904066][ T5331]  hfsplus_free_extents+0x121/0xa50
[  109.904077][ T5331]  hfsplus_file_truncate+0x762/0xc30
[  109.904089][ T5331]  ? __pfx___up_read+0x10/0x10
[  109.904095][ T5331]  ? __pfx_hfsplus_file_truncate+0x10/0x10
[  109.904106][ T5331]  ? unmap_mapping_range+0xe6/0x180
[  109.904116][ T5331]  ? __pfx_unmap_mapping_range+0x10/0x10
[  109.904124][ T5331]  ? setattr_prepare+0x232/0xb30
[  109.904136][ T5331]  ? truncate_setsize+0xcf/0xf0
[  109.904169][ T5331]  hfsplus_setattr+0x1c4/0x270
[  109.904189][ T5331]  ? __pfx_hfsplus_setattr+0x10/0x10
[  109.904208][ T5331]  notify_change+0xc1a/0xf40
[  109.904222][ T5331]  do_truncate+0x1c2/0x250
[  109.904232][ T5331]  ? __pfx_do_truncate+0x10/0x10
[  109.904239][ T5331]  ? apparmor_file_truncate+0x39f/0x470
[  109.904391][ T5331]  path_openat+0x2f89/0x3860
[  109.904416][ T5331]  ? __pfx_stack_trace_save+0x10/0x10
[  109.904433][ T5331]  ? stack_depot_save_flags+0x33/0x810
[  109.904529][ T5331]  ? __pfx_path_openat+0x10/0x10
[  109.904549][ T5331]  ? __x64_sys_creat+0x8f/0xc0
[  109.904563][ T5331]  ? do_syscall_64+0x14d/0xf80
[  109.904577][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.904585][ T5331]  ? __lock_acquire+0x6b5/0x2cf0
[  109.904594][ T5331]  do_file_open+0x23e/0x4a0
[  109.904605][ T5331]  ? __pfx_do_file_open+0x10/0x10
[  109.904618][ T5331]  ? _raw_spin_unlock+0x28/0x50
[  109.904626][ T5331]  ? alloc_fd+0x64b/0x6c0
[  109.904637][ T5331]  do_sys_openat2+0x113/0x200
[  109.904653][ T5331]  ? __se_sys_futex+0x3a8/0x450
[  109.904667][ T5331]  ? __pfx_do_sys_openat2+0x10/0x10
[  109.904682][ T5331]  ? rcu_is_watching+0x15/0xb0
[  109.904698][ T5331]  __x64_sys_creat+0x8f/0xc0
[  109.904713][ T5331]  do_syscall_64+0x14d/0xf80
[  109.904730][ T5331]  ? trace_irq_disable+0x3b/0x150
[  109.904746][ T5331]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.904752][ T5331]  ? clear_bhb_loop+0x40/0x90
[  109.904760][ T5331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.904768][ T5331] RIP: 0033:0x7f312dd9c799
[  109.904800][ T5331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  109.904807][ T5331] RSP: 002b:00007f312ebedfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  109.904819][ T5331] RAX: ffffffffffffffda RBX: 00007f312e015fa0 RCX: 00007f312dd9c799
[  109.904825][ T5331] RDX: 0000000000000000 RSI: 000000000000000d RDI: 0000200000000240
[  109.904831][ T5331] RBP: 00007f312de32c99 R08: 0000000000000000 R09: 0000000000000000
[  109.904836][ T5331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  109.904841][ T5331] R13: 00007f312e016038 R14: 00007f312e015fa0 R15: 00007ffcf91793c8
[  109.904852][ T5331]  </TASK>
[  110.123824][ T5331] hfsplus: unable to mark blocks free: error -5
[  110.129356][ T5331] hfsplus: can't free extent: start 134, count 1
[  110.135615][ T5331] overlay: filesystem on ./file0 not supported